H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-04-11T00:00:00

Updated: 2024-08-05T07:32:00.906Z

Reserved: 2018-04-11T00:00:00

Link: CVE-2018-10054

cve-icon Vulnrichment

Updated: 2024-08-05T07:32:00.906Z

cve-icon NVD

Status : Modified

Published: 2018-04-11T20:29:00.860

Modified: 2024-08-05T08:15:17.300

Link: CVE-2018-10054

cve-icon Redhat

No data.