CVSS3: 9.1 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CVSS2: 6.4 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

EPSS: 0.006 Low (percentile 78.4%)

Versions of the package com.h2database:h2 from 1.4.198 and before 2.0.202
are vulnerable to XML External Entity (XXE) Injection via the
org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data
from the org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the
getSource() method when the parameter is DOMSource.class, it will trigger
the vulnerability.

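
One defensive pattern for code that must run on an affected version, shown as an added example (not H2's code and not the project's fix): read the column as text and build the DOM with a parser that rejects DOCTYPE declarations, instead of calling getSource(DOMSource.class). The names SafeSqlXmlRead, parseUntrusted and readXmlColumn and the sample documents are constructed for illustration.

```java
import java.io.StringReader;
import java.sql.ResultSet;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class SafeSqlXmlRead {

    // Hypothetical helper: parse XML text with DTDs and external entities disabled.
    static Document parseUntrusted(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Reject any DOCTYPE outright, so no entity can be declared at all.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth in case a DOCTYPE is ever re-enabled.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        f.setNamespaceAware(true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    // Hypothetical helper: read the column as a string rather than through
    // getSQLXML().getSource(DOMSource.class), then parse it with the hardened parser.
    static Document readXmlColumn(ResultSet rs, String column) throws Exception {
        String xml = rs.getString(column);
        return xml == null ? null : parseUntrusted(xml);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample documents, not taken from the advisory.
        String plain = "<order><id>42</id></order>";
        String withDoctype =
            "<!DOCTYPE order [<!ENTITY e \"x\">]><order><id>&e;</id></order>";

        Document ok = parseUntrusted(plain);
        System.out.println("parsed root: " + ok.getDocumentElement().getNodeName());
        try {
            parseUntrusted(withDoctype);
            System.out.println("unexpected: DOCTYPE was accepted");
        } catch (SAXException e) {
            System.out.println("rejected document with DOCTYPE: " + e.getMessage());
        }
    }
}
```
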
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | h2database | < any | UNKNOWN |
ubuntu | 20.04 | noarch | h2database | < any | UNKNOWN |
ubuntu | 22.04 | noarch | h2database | < any | UNKNOWN |
ubuntu | 23.10 | noarch | h2database | < any | UNKNOWN |
ubuntu | 16.04 | noarch | h2database | < any | UNKNOWN |
github.com/h2database/h2database/commit/d83285fd2e48fb075780ee95badee6f5a15ea7f8%23diff-008c2e4462609982199cd83e7cf6f1d6b41296b516783f6752c44b9f15dc7bc3
github.com/h2database/h2database/issues/3195
github.com/h2database/h2database/pull/3199
launchpad.net/bugs/cve/CVE-2021-23463
nvd.nist.gov/vuln/detail/CVE-2021-23463
security-tracker.debian.org/tracker/CVE-2021-23463
snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-1769238
www.cve.org/CVERecord?id=CVE-2021-23463