Vulnerability

CVE-2021-23463

 Report advisory or correction

CVSS Score 8.6 high

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE

CWE-611

References

https://github.com/h2database/h2database/issues/3195
https://github.com/h2database/h2database/pull/3199

[CVE-2021-23463] CWE-611: Improper Restriction of XML External Entity Reference ('XXE')

Description

h2 - XML eXternal Entity (XXE) [CVE-2021-23463] The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

See com.h2database/h2 package information