Lucene search
Veracode Vulnerability DatabaseVERACODE:6845HistoryJun 25, 2018 - 9:19 a.m.
Arbitrary Code Execution
2018-06-2509:19:09
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.153 Low
EPSS
Percentile
95.9%
H2 Database Engine is vulnerable to arbitrary code execution.It allows an authorized user to inject arbitrary java code using H2 SQL ALIAS command CREATE ALIAS.
| CPE | Name | Operator | Version |
|---|---|---|---|
| h2 database engine | le | 2.1.214 | |
| h2 database engine | le | 1.2.128 | |
| h2 database engine | le | 2.1.214 | |
| h2 database engine | le | 1.2.128 |
References
blog.datomic.com/2018/03/important-security-update.html
forum.datomic.com/t/important-security-update-0-9-5697/379
github.com/h2database/h2database/blob/f97a3dcc856c012b45112cea48d0f1e1bc5518b4/h2/src/main/org/h2/server/web/WebServer.java#L267
lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e@%3Cuser.ignite.apache.org%3E
mthbernardes.github.io/rce/2018/03/14/abusing-h2-database-alias.html
www.exploit-db.com/exploits/44422/
Related
prion
prion
Remote code execution
2018-04-11 20:29:00
nvd
nvd
CVE-2018-10054
2018-04-11 20:29:00
cve
cve
CVE-2018-10054
2018-04-11 20:29:00
atlassian
atlassian
broadcom
broadcom
BSA-2022-1838
2022-05-03 00:00:00
osv
osv
Improper Input Validation in Datomic
2022-05-13 01:30:17
cvelist
cvelist
CVE-2018-10054
2018-04-11 00:00:00
github
github
Improper Input Validation in Datomic
2022-05-13 01:30:17
