H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.
2022-01-19T17:15:09.000
2025-05-05T17:17:56.070
Modified
CVSSv3.1: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | h2database | h2 | < 2.0.206 | Yes |
Operating System | debian | debian_linux | 9.0 | Yes |
Operating System | debian | debian_linux | 10.0 | Yes |
Operating System | debian | debian_linux | 11.0 | Yes |
Application | oracle | communications_cloud_native_core_console | 1.9.0 | Yes |