Description
The package com.h2database:h2 from 1.4.198 and before 2.0.202 are
vulnerable to XML External Entity (XXE) Injection via the
org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data
from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the
getSource() method when the parameter is DOMSource.class it will trigger
the vulnerability.
Affected Package
Related
{"id": "UB:CVE-2021-23463", "vendorId": null, "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2021-23463", "description": "The package com.h2database:h2 from 1.4.198 and before 2.0.202 are\nvulnerable to XML External Entity (XXE) Injection via the\norg.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data\nfrom org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the\ngetSource() method when the parameter is DOMSource.class it will trigger\nthe vulnerability.", "published": "2021-12-10T00:00:00", "modified": "2021-12-10T00:00:00", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 4.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.2}, "href": "https://ubuntu.com/security/CVE-2021-23463", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23463", "https://github.com/h2database/h2database/issues/3195", "https://snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-1769238", "https://github.com/h2database/h2database/pull/3199", "https://github.com/h2database/h2database/commit/d83285fd2e48fb075780ee95badee6f5a15ea7f8%23diff-008c2e4462609982199cd83e7cf6f1d6b41296b516783f6752c44b9f15dc7bc3", "https://nvd.nist.gov/vuln/detail/CVE-2021-23463", "https://launchpad.net/bugs/cve/CVE-2021-23463", "https://security-tracker.debian.org/tracker/CVE-2021-23463"], "cvelist": ["CVE-2021-23463"], "immutableFields": [], "lastseen": "2022-08-04T13:14:06", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-23463"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-23463"]}, {"type": "github", "idList": ["GHSA-7RPJ-HG47-CX62"]}, {"type": "githubexploit", "idList": ["084C8D8C-4B14-526B-9A5E-977BD4F2FBE4"]}, {"type": "osv", "idList": ["OSV:GHSA-7RPJ-HG47-CX62"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-23463"]}, {"type": "veracode", "idList": ["VERACODE:33287"]}]}, "score": {"value": 5.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-23463"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-23463"]}, {"type": "github", "idList": ["GHSA-7RPJ-HG47-CX62"]}, {"type": "githubexploit", "idList": ["084C8D8C-4B14-526B-9A5E-977BD4F2FBE4"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-23463"]}]}, "exploitation": null, "vulnersScore": 5.2}, "_state": {"dependencies": 1660004461, "score": 1659926002}, "_internal": {"score_hash": "a95eeda9c68345059a96a60cb2b9a3aa"}, "affectedPackage": [{"OS": "ubuntu", "OSVersion": "20.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "h2database"}, {"OS": "ubuntu", "OSVersion": "22.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "h2database"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "h2database"}], "bugs": []}
{"veracode": [{"lastseen": "2022-06-29T08:13:02", "description": "h2 is vulnerable to XML external entity injection. The vulnerability exists due to the `getSource` method executed within the `DOMSource.class` input parameter when passing string data into the `org.h2.jdbc.JdbcSQLXML` class, allowing an attacker to cause an application crash or access sensitive data.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-12-13T03:56:39", "type": "veracode", "title": "XML External Entity (XXE) Injection ", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23463"], "modified": "2022-04-28T17:10:14", "id": "VERACODE:33287", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-33287/summary", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "github": [{"lastseen": "2022-04-22T16:42:21", "description": "H2 is an embeddable RDBMS written in Java. The package com.h2database:h2 from 0 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-12-16T14:29:57", "type": "github", "title": "Improper Restriction of XML External Entity Reference in com.h2database:h2.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23463"], "modified": "2022-04-22T15:39:59", "id": "GHSA-7RPJ-HG47-CX62", "href": "https://github.com/advisories/GHSA-7rpj-hg47-cx62", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "redhatcve": [{"lastseen": "2022-07-07T17:28:13", "description": "The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-12-16T16:53:25", "type": "redhatcve", "title": "CVE-2021-23463", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23463"], "modified": "2022-07-07T15:12:05", "id": "RH:CVE-2021-23463", "href": "https://access.redhat.com/security/cve/cve-2021-23463", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "cve": [{"lastseen": "2022-04-28T17:48:21", "description": "The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-12-10T20:15:00", "type": "cve", "title": "CVE-2021-23463", "cwe": ["CWE-611"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23463"], "modified": "2022-04-28T14:53:00", "cpe": [], "id": "CVE-2021-23463", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23463", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": []}], "debiancve": [{"lastseen": "2022-07-04T05:59:28", "description": "The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-12-10T20:15:00", "type": "debiancve", "title": "CVE-2021-23463", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23463"], "modified": "2021-12-10T20:15:00", "id": "DEBIANCVE:CVE-2021-23463", "href": "https://security-tracker.debian.org/tracker/CVE-2021-23463", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "osv": [{"lastseen": "2022-08-13T03:33:46", "description": "H2 is an embeddable RDBMS written in Java. The package com.h2database:h2 from 0 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-12-16T14:29:57", "type": "osv", "title": "Improper Restriction of XML External Entity Reference in com.h2database:h2.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23463"], "modified": "2022-08-13T03:33:41", "id": "OSV:GHSA-7RPJ-HG47-CX62", "href": "https://osv.dev/vulnerability/GHSA-7rpj-hg47-cx62", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "githubexploit": [{"lastseen": "2022-03-28T14:15:09", "description": "# jdbc-sqlxml-xxe\n- h2-jdbc (CVE-2021-234...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-10-22T07:14:25", "type": "githubexploit", "title": "Exploit for Vulnerability in Oracle Mysql Connectors", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.9, "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 9.2, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23463", "CVE-2021-2471"], "modified": "2022-03-28T13:42:13", "id": "084C8D8C-4B14-526B-9A5E-977BD4F2FBE4", "href": "", "cvss": {"score": 7.9, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:C"}, "privateArea": 1}]}
CVE-2021-23463
