VYPR

H2

by H2database

Source repositories

CVEs (1)

  • CVE-2021-42392CriJan 10, 2022
    risk 0.69cvss 9.8epss 0.63

    The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited…