com.h2database:h2@2.1.212 vulnerabilities
-
latest version
2.3.232
-
first published
18 years ago
-
latest version published
a month ago
-
licenses detected
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the com.h2database:h2 package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
com.h2database:h2 is a database engine Affected versions of this package are vulnerable to Information Exposure when H2 web-based admin console was started via the CLI with the argument Vendor Statement: "This is not a vulnerability of the H2 Console, this is an example of how not to use it. I think there is nothing to do with it on the H2 side. Passwords should never be passed on the command line, and every qualified DBA or system administrator is expected to know that." How to fix Information Exposure? Upgrade |
[1.4.198,2.2.220)
|
com.h2database:h2 is a database engine Affected versions of this package are vulnerable to Remote Code Execution (RCE). It provides a web console for managing the database, and by default it does not have a password set. The NOTE: To be remotely exploitable, the affected application must be configured with the non-default setting How to fix Remote Code Execution (RCE)? There is no fixed version for |
[0,)
|