h2 is vulnerable to information disclosures. The library doesn’t check if the filename parameter in the backup command points to a symlinked directory, allowing a malicious user to gain access to sensitive information on the database.
CPE | Name | Operator | Version |
---|---|---|---|
h2 database engine | le | 1.0.20061217 | |
h2 database engine | le | 2.0.204 | |
h2 database engine | le | 1.0.20061217 | |
h2 database engine | le | 2.0.204 |
gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20
github.com/h2database/h2database/blob/version-1.4.197/h2/src/main/org/h2/command/dml/BackupCommand.java#L55
github.com/h2database/h2database/issues/3206
lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e@%3Cuser.ignite.apache.org%3E
www.exploit-db.com/exploits/45105
www.exploit-db.com/exploits/45105/