The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2021-12-10T20:00:14.594368Z
Updated: 2024-09-17T03:47:43.105Z
Reserved: 2021-01-08T00:00:00
Link: CVE-2021-23463
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-12-10T20:15:07.917
Modified: 2024-11-21T05:51:47.487
Link: CVE-2021-23463
Redhat