Description
The package com.h2database:h2, in versions from 1.4.198 and before 2.0.202, is vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class, when that object receives parsed string data from the org.h2.jdbc.JdbcResultSet.getSQLXML() method. Calling its getSource() method with DOMSource.class as the parameter triggers the vulnerability.
References (6)
https://github.com/h2database/h2database/issues/3195 (Exploit, Issue Tracking, Patch, Third Party Advisory)
https://github.com/h2database/h2database/pull/3199 (Issue Tracking, Patch, Third Party Advisory)
https://snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-1769238 (Exploit, Patch, Third Party Advisory)
https://www.oracle.com/security-alerts/cpuapr2022.html (Not Applicable)
https://security.netapp.com/advisory/ntap-20230818-0010/ (Vendor Advisory)
Scores
CVSS v3: 8.1
EPSS: 0.0077
EPSS Percentile: 73.5%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Details
CWE: CWE-611
Status: published
Products (2)
com.h2database/h2: 1.4.198 - 2.0.202 (Maven)
h2database/h2: 1.4.198 - 2.0.202
Published: Dec 10, 2021
Tracked Since: Feb 18, 2026