Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2021-23463

The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/h2d...
MISC: https://github.com/h2d...
MISC: https://github.com/h2d...
MISC: https://snyk.io/vuln/S...
MISC: https://www.oracle.com...
CONFIRM: https://security.netap...

Launchpad.net

CVE 2021-23463

Related bugs

References