6 matches found
africa.absa:inception-application (>=1.0.0 <=1.2.0), africa.absa:inception-test (>=1.0.0 <=1.2.0) +2467 more potentially affected by CVE-2021-23463 via com.h2database:h2 (>=1.4.198 <=1.4.200)
com.h2database:h2 MAVEN version =1.4.198, =1.0.0, =1.0.0, =0.5.2, =0.5.2, =0.1.0, =0.2.0, =0.2.0, =0.9.6, =1.0, =1.0.0, =0.0.1-alpha, =0.0.2-alpha, =0.0.6-alpha and more Source cves: CVE-2021-23463 Source advisory: OSV:GHSA-7RPJ-HG47-CX62...
CVE-2021-23463
creationtimestamp| type| source ---|---|--- 2021-12-10 22:25:24+00:00| seen| https://t.me/cibsecurity/33764...
CVE-2021-23463
CVE-2021-23463 affects com.h2database:h2 (versions 1.4.198 and earlier, up to 2.0.202). The root cause is improper handling of XML External Entity (XXE) declarations in JdbcSQLXML; if getSource() is invoked with DOMSource.class via JdbcResultSet.getSQLXML(), an attacker could trigger XXE to read ...
CVE-2021-23463 XML External Entity (XXE) Injection
The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity XXE Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML method. If it executes the getSource method when the paramete...
CVE-2021-23463
The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity XXE Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML method. If it executes the getSource method when the paramete...
africa.absa:inception-application (>=1.0.0 <=1.2.0), africa.absa:inception-test (>=1.0.0 <=1.2.0) +2467 more potentially affected by CVE-2021-23463 via com.h2database:h2 (>=1.4.198 <=1.4.200)
com.h2database:h2 MAVEN version =1.4.198, =1.0.0, =1.0.0, =0.5.2, =0.5.2, =0.1.0, =0.2.0, =0.2.0, =0.9.6, =1.0, =1.0.0, =0.0.1-alpha, =0.0.2-alpha, =0.0.6-alpha and more Source cves: CVE-2021-23463 Source advisory: SNYK:JAVA-COMH2DATABASE-1769238...