H2 1.4.197, as used in Datomic prior to 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
h2database h2 1.4.197 |
||
cognitect datomic |