Lucene search

13 matches found

Vulnrichment
added 2025/10/17 5:11 p.m., 2 views

CVE-2025-62420 DataEase vulnerable to remote code execution via H2 JDBC driver bypass

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but returns a separate jdbc field as the actual...

8.2 CVSS, 7.6 AI score, 0.00825 EPSS
Exploits: 1, References: 2

CVE
added 2025/10/17 5:11 p.m., 5 views

CVE-2025-62420

Summary: DataEase (versions up to 2.10.13) contains a JDBC driver bypass vulnerability in the H2 database connection handler. The getJdbc function in H2.java uses the jdbcUrl starting with jdbc:h2 but returns a separate jdbc field as the actual connection URL, allowing an authenticated attacker t...

8.8 CVSS, 7.6 AI score, 0.00825 EPSS
Exploits: 1, References: 2, Affected Software: 1

RedhatCVE
added 2025/02/14 12:44 p.m., 6 views

CVE-2023-34468

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC...

8.8 CVSS, 7 AI score, 0.78065 EPSS
Exploits: 8, References: 7

Metasploit
added 2023/08/30 7:51 p.m., 455 views

Apache NiFi H2 Connection String Remote Code Execution

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. This exploit will result in several shells 5-7. Successfully test...

8.8 CVSS, 8.8 AI score, 0.78065 EPSS
Exploits: 8

Veracode
added 2023/06/15 2:48 a.m., 30 views

Code Injection

nifi-hikari-dbcp-service and nifi-dbcp-base are vulnerable to Code Injection. The vulnerability exists due to improper URL validation for the database services. If an attacker has access to the database URL, the attacker can inject and execute malicious code by configuring an H2 driver...

8.8 CVSS, 7.3 AI score, 0.78065 EPSS
Exploits: 8, References: 10, Affected Software: 2

OSV
added 2023/06/12 6:30 p.m., 21 views

GHSA-XM2M-2Q6H-22JW Apache NiFi vulnerable to Code Injection

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC...

8.8 CVSS, 8.5 AI score, 0.78065 EPSS
Exploits: 8, References: 11

GitHub Security Blog
added 2023/06/12 6:30 p.m., 31 views

Apache NiFi vulnerable to Code Injection

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC...

8.8 CVSS, 8.5 AI score, 0.78065 EPSS
Exploits: 8, References: 11, Affected Software: 3

NVD
added 2023/06/12 4:15 p.m., 26 views

CVE-2023-34468

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC...

8.8 CVSS, 8.7 AI score, 0.78065 EPSS
Exploits: 8, References: 5

OSV
added 2023/06/12 4:15 p.m., 27 views

CVE-2023-34468

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC...

8.8 CVSS, 8.5 AI score, 0.78065 EPSS
Exploits: 8, References: 5

Prion
added 2023/06/12 4:15 p.m., 21 views

Design/Logic Flaw

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC...

6.5 CVSS, 8.5 AI score, 0.78065 EPSS
Exploits: 8, References: 5, Affected Software: 1

Cvelist
added 2023/06/12 3:09 p.m., 26 views

CVE-2023-34468 Apache NiFi: Potential Code Injection with Database Services using H2

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC...

8.9 AI score, 0.78065 EPSS
Exploits: 8, References: 5

CVE
added 2023/06/12 3:09 p.m., 108 views

CVE-2023-34468

CVE-2023-34468 affects Apache NiFi controllers: DBCPConnectionPool and HikariCPConnectionPool. Versions 0.0.2 through 1.21.0 allow an authenticated/authorized user to configure a Database URL using the H2 driver that enables custom code execution. The issue is mitigated by upgrading to NiFi 1.22....

8.8 CVSS, 8.6 AI score, 0.78065 EPSS
Exploits: 8, References: 5, Affected Software: 1

Positive Technologies
added 2023/06/12 12:00 a.m., 3 views

PT-2023-5586 · Apache · Apache Nifi

Name of the Vulnerable Software and Affected Versions: Apache NiFi versions 0.0.2 through 1.21.0 Description: The issue in Apache NiFi is related to the DBCPConnectionPool and HikariCPConnectionPool Controller Services, which allow an authenticated and authorized user to configure a Database URL...

9 CVSS, 8.1 AI score, 0.78065 EPSS
Exploits: 8, References: 26