H2 Database Engine is vulnerable to arbitrary code execution.It allows an authorized user to inject arbitrary java code using H2 SQL ALIAS command CREATE ALIAS
.
CPE | Name | Operator | Version |
---|---|---|---|
h2 database engine | le | 2.1.214 | |
h2 database engine | le | 1.2.128 | |
h2 database engine | le | 2.1.214 | |
h2 database engine | le | 1.2.128 |
blog.datomic.com/2018/03/important-security-update.html
forum.datomic.com/t/important-security-update-0-9-5697/379
github.com/h2database/h2database/blob/f97a3dcc856c012b45112cea48d0f1e1bc5518b4/h2/src/main/org/h2/server/web/WebServer.java#L267
lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e@%3Cuser.ignite.apache.org%3E
mthbernardes.github.io/rce/2018/03/14/abusing-h2-database-alias.html
www.exploit-db.com/exploits/44422/