
XML External Entity (XXE) Injection

Description

H2 is vulnerable to XML external entity (XXE) injection. The vulnerability arises when string data is passed into the `org.h2.jdbc.JdbcSQLXML` class and its `getSource` method is then executed with `DOMSource.class` as the input parameter, allowing an attacker to crash the application or access sensitive data.
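One application-side mitigation for the `getSource(DOMSource.class)` path described above is to read the SQLXML value as a string and parse it with a parser that refuses DTDs and external entities. The following is an added example, not code from H2 or from this advisory; the class `SafeSqlXml` and its methods are hypothetical names, the sample XML strings are constructed, and it assumes the JDK's built-in JAXP parser.

```java
import java.io.StringReader;
import java.sql.SQLXML;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

// Hypothetical helper class (an assumption for illustration, not part of H2).
public final class SafeSqlXml {

    // Builds a DOM parser factory that rejects DOCTYPE declarations and
    // never resolves external entities, DTDs or schemas.
    static DocumentBuilderFactory hardenedFactory() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    static Document parse(String xml) throws Exception {
        return hardenedFactory().newDocumentBuilder()
                .parse(new InputSource(new StringReader(xml)));
    }

    // Use in place of sqlxml.getSource(DOMSource.class): the driver only
    // hands over the raw string, and parsing happens in the hardened parser.
    static Document toDocument(SQLXML sqlxml) throws Exception {
        return parse(sqlxml.getString());
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: plain XML, and XML carrying a DOCTYPE.
        String plain = "<order id=\"1\"><item>disk</item></order>";
        String withDoctype = "<!DOCTYPE order [<!ENTITY e \"x\">]><order>&e;</order>";

        System.out.println("parsed root: " + parse(plain).getDocumentElement().getTagName());
        try {
            parse(withDoctype);
            System.out.println("DOCTYPE accepted (parser is not hardened)");
        } catch (SAXParseException ex) {
            System.out.println("DOCTYPE rejected: " + ex.getMessage());
        }
    }
}
```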


Affected Software


CPE Name Name Version
h2 database engine 1.4.200
h2 database engine 1.4.198
