Com.h2database:h2
This hub aggregates every CVE we track for Com.h2database:h2, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 4
- Critical: 2
- High: 2
- In CISA KEV: 0
Severity distribution: HIGH 2, CRITICAL 2
Monthly trend (2024-07 to 2026-06): 0 in every month
Latest CVEs
The 4 most recently published vulnerabilities affecting Com.h2database:h2.
- CVE-2022-45868 (score 8.4): The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the w...
- CVE-2022-23221 (score 9.8): H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a ...
- CVE-2021-42392 (score 9.8): The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading...
- CVE-2021-23463 (score 8.1): XML External Entity (XXE) Injection
Product normalization is registry-driven with AI assist and human review.