Apache POI for JPHP! WARNING this product use Log4J Package from maven (Apache Log4j Core » 2171) Vulnerabilities from dependencies: CVE-2021-42550 CVE-2021-4104 CVE-2021-23463 CVE-2019-17571
The package com.h2database:h2 from 1.4.198 and prior to 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
h2database h2 |