maha icon indicating copy to clipboard operation
maha copied to clipboard

Published 20 hours ago verified publisher icon yahoo

Arbitrary code execution in H2 Console

Open imhunterand opened this issue 2 years ago • 0 comments

Describe the bugs: 🐛

A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script. H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.

CVE-2022-23221 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H GHSA-45hx-wfhj-473x

imhunterand avatar Sep 01 '22 03:09 imhunterand