6 matches found

Veracode
added 2023/08/09 2:33 a.m. · 17 views

Arbitrary Code Execution

import-in-the-middle is vulnerable to Arbitrary Code Execution. The vulnerability exists due to the lack of sanitization in the getSource function of hook.js, which allows an attacker to inject and execute malicious code in the import function...

CVSS 9.8 · AI score 7.3 · EPSS 0.008
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2021/12/16 2:29 p.m. · 29 views

GHSA-7RPJ-HG47-CX62 Improper Restriction of XML External Entity Reference in com.h2database:h2.

H2 is an embeddable RDBMS written in Java. The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity XXE Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML method. If it...

CVSS 8.1 · AI score 9.2 · EPSS 0.00766
Exploits: 1 · References: 10

Github Security Blog
added 2021/12/16 2:29 p.m. · 33 views

Improper Restriction of XML External Entity Reference in com.h2database:h2.

H2 is an embeddable RDBMS written in Java. The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity XXE Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML method. If it...

CVSS 9.1 · AI score 9.3 · EPSS 0.00766
Exploits: 1 · References: 10 · Affected Software: 1

Debian CVE
added 2021/12/10 8:0 p.m. · 30 views

CVE-2021-23463

The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity XXE Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML method. If it executes the getSource method when the paramete...

CVSS 9.1 · AI score 9.4 · EPSS 0.00766
Exploits: 1

Positive Technologies
added 2021/12/10 12:0 a.m. · 2 views

PT-2021-8014 · H2Database · H2

Name of the Vulnerable Software and Affected Versions: com.h2database:h2 versions 1.4.198 through 2.0.202 Description: The issue is related to XML External Entity XXE Injection via the org.h2.jdbc.JdbcSQLXML class object. This occurs when the object receives parsed string data from the...

CVSS 9.1 · AI score 9 · EPSS 0.00766
Exploits: 1 · References: 15

Snyk
added 2021/10/30 6:1 p.m. · 1 views

XML External Entity (XXE) Injection

Overview com.h2database:h2 is a database engine Affected versions of this package are vulnerable to XML External Entity XXE Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML method. If it executes the getSource meth...

CVSS 9.1 · AI score 7.4 · EPSS 0.00766
Exploits: 1 · References: 2