CVE-2022-23221

Published: 19 January 2022

H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package: h2database (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Needs triage
focal      Released (1.4.197-4+deb10u1build0.20.04.1)
hirsute    Ignored (reached end-of-life)
impish     Released (1.4.197-4+deb10u1build0.21.10.1)
jammy      Needs triage
trusty     Ignored (out of standard support)
upstream   Needs triage
xenial     Ignored (out of standard support)