10 matches found
EUVD-2021-2477
Malware in sbrugna...
CVE-2021-23463
A flaw was found in the h2database. This flaw allows an attacker to benefit from XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object. A user may trigger the vulnerability by sending malicious data...
GHSA-7RPJ-HG47-CX62 Improper Restriction of XML External Entity Reference in com.h2database:h2.
H2 is an embeddable RDBMS written in Java. The package com.h2database:h2 from 1.4.198 and before 2.0.202 is vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML method. If it...
Improper Restriction of XML External Entity Reference in com.h2database:h2.
H2 is an embeddable RDBMS written in Java. The package com.h2database:h2 from 1.4.198 and before 2.0.202 is vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML method. If it...
XML External Entity (XXE) Injection
h2 is vulnerable to XML External Entity (XXE) Injection. The vulnerability exists due to the getSource method executed within the DOMSource.class input parameter when passing string data into the org.h2.jdbc.JdbcSQLXML class, allowing an attacker to cause an application crash or access sensitive...
CVE-2021-23463
The package com.h2database:h2 from 1.4.198 and before 2.0.202 is vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML method. If it executes the getSource method when the paramete...
CVE-2021-23463
The package com.h2database:h2 from 1.4.198 and before 2.0.202 is vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML method. If it executes the getSource method when the paramete...
Xxe
The package com.h2database:h2 from 1.4.198 and before 2.0.202 is vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML method. If it executes the getSource method when the paramete...
CVE-2021-23463
The package com.h2database:h2 from 1.4.198 and before 2.0.202 is vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML method. If it executes the getSource method when the paramete...
PT-2021-8014 · H2Database · H2
Name of the Vulnerable Software and Affected Versions: com.h2database:h2 versions 1.4.198 through 2.0.202
Description: The issue is related to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object. This occurs when the object receives parsed string data from the...