Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2022-23221

H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.

Source

Description

The MITRE CVE dictionary describes this issue as:

H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h4:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.

Additional Information

Bugzilla 2044596: CVE-2022-23221 h4database: Loading of custom classes from remote servers through JNDI
CWE-502: Deserialization of Untrusted Data
FAQ: Frequently asked questions about CVE-2022-23221

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-23221

Description

Additional Information

Vulmon Search

About

Products

Connect