Lucene search
K

6 matches found

vulnersOsv
vulnersOsv
added 2021/12/16 2:29 p.m.3 views

africa.absa:inception-application (>=1.0.0 <=1.2.0), africa.absa:inception-test (>=1.0.0 <=1.2.0) +2467 more potentially affected by CVE-2021-23463 via com.h2database:h2 (>=1.4.198 <=1.4.200)

com.h2database:h2 MAVEN version =1.4.198, =1.0.0, =1.0.0, =0.5.2, =0.5.2, =0.1.0, =0.2.0, =0.2.0, =0.9.6, =1.0, =1.0.0, =0.0.1-alpha, =0.0.2-alpha, =0.0.6-alpha and more Source cves: CVE-2021-23463 Source advisory: OSV:GHSA-7RPJ-HG47-CX62...

9.1CVSS7.2AI score0.03284EPSS
Exploits1
Circl
Circl
added 2021/12/10 10:25 p.m.7 views

CVE-2021-23463

creationtimestamp| type| source ---|---|--- 2021-12-10 22:25:24+00:00| seen| https://t.me/cibsecurity/33764...

9.1CVSS8.5AI score0.03284EPSS
Exploits1References1
CVE
CVE
added 2021/12/10 8:0 p.m.143 views

CVE-2021-23463

CVE-2021-23463 affects com.h2database:h2 (versions 1.4.198 and earlier, up to 2.0.202). The root cause is improper handling of XML External Entity (XXE) declarations in JdbcSQLXML; if getSource() is invoked with DOMSource.class via JdbcResultSet.getSQLXML(), an attacker could trigger XXE to read ...

9.1CVSS8.8AI score0.03284EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2021/12/10 8:0 p.m.36 views

CVE-2021-23463 XML External Entity (XXE) Injection

The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity XXE Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML method. If it executes the getSource method when the paramete...

8.1CVSS9.6AI score0.03284EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2021/12/10 8:0 p.m.34 views

CVE-2021-23463

The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity XXE Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML method. If it executes the getSource method when the paramete...

9.1CVSS9.4AI score0.03284EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2021/10/30 6:1 p.m.5 views

africa.absa:inception-application (>=1.0.0 <=1.2.0), africa.absa:inception-test (>=1.0.0 <=1.2.0) +2467 more potentially affected by CVE-2021-23463 via com.h2database:h2 (>=1.4.198 <=1.4.200)

com.h2database:h2 MAVEN version =1.4.198, =1.0.0, =1.0.0, =0.5.2, =0.5.2, =0.1.0, =0.2.0, =0.2.0, =0.9.6, =1.0, =1.0.0, =0.0.1-alpha, =0.0.2-alpha, =0.0.6-alpha and more Source cves: CVE-2021-23463 Source advisory: SNYK:JAVA-COMH2DATABASE-1769238...

9.1CVSS7.2AI score0.03284EPSS
Exploits1
Rows per page
Query Builder