2 matches found
H2O Remote Code Execution Vulnerability
H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A remote code execution vulnerability exists in H2O 3.46.0.4 and earlier versions, which can be exploited by an attacker to arbitrarily set a JDBC URL, leading to deserialization attacks, file reads, a...
CVE-2022-26520
In pgjdbc before 42.3.3, an attacker who controls the jdbc URL or properties can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat...