CVE-2021-23463
Published 2021-12-10
Priority: P352 · critical · CVSS 3.1 base score 9.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS: 3.28% (86.9th percentile)
The package com.h2database:h2 from 1.4.198 and before 2.0.202 is vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object when it receives parsed string data from the org.h2.jdbc.JdbcResultSet.getSQLXML() method. Calling getSource() with DOMSource.class as the parameter triggers the vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | h2database | — | — |
| h2database | h2 | >= 1.4.198 < 2.0.202 | 2.0.202 |
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:P |
| vendor_debian | — | 8.1 | LOW | — |
| vendor_redhat | — | 8.1 | HIGH | — |
OSV · 2021-12-16 · HIGH
Improper Restriction of XML External Entity Reference in com.h2database:h2.
H2 is an embeddable RDBMS written in Java.
GHSA · 2021-12-16 · HIGH · CWE-611
Improper Restriction of XML External Entity Reference in com.h2database:h2.
H2 is an embeddable RDBMS written in Java.
Red Hat · 2021-10-22 · CVSS 8.1 · HIGH · CWE-611
h2database: XXE injection vulnerability
A flaw was found in the h2database. This flaw allows an attacker to benefit from XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object. A user may trigger the vulnerability by sending malicious data.
Package: com.h2database.h2 (Red Hat build of Apicurio Registry 2) - Affected
Package: com.h2database.h2 (Red Hat build of Quarkus) - Affected
Package: com.h2database.h2 (
Debian · 2021 · CVSS 8.1 · HIGH
CVE-2021-23463: h2database
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://github.com/h2database/h2database/commit/d83285fd2e48fb075780ee95badee6f5a15ea7f8%23diff-008c2e4462609982199cd83e7cf6f1d6b41296b516783f6752c44b9f15dc7bc3
https://github.com/h2database/h2database/issues/3195
https://github.com/h2database/h2database/pull/3199
https://security.netapp.com/advisory/ntap-20230818-0010/
https://snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-1769238
https://www.oracle.com/security-alerts/cpuapr2022.html