cve-2021-23463
Vulnerability from cvelistv5
Published
2021-12-10 20:00
Modified
2024-09-17 03:47
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P
Summary
The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.
References
report@snyk.iohttps://github.com/h2database/h2database/commit/d83285fd2e48fb075780ee95badee6f5a15ea7f8%23diff-008c2e4462609982199cd83e7cf6f1d6b41296b516783f6752c44b9f15dc7bc3Broken Link
report@snyk.iohttps://github.com/h2database/h2database/issues/3195Exploit, Issue Tracking, Patch, Third Party Advisory
report@snyk.iohttps://github.com/h2database/h2database/pull/3199Issue Tracking, Patch, Third Party Advisory
report@snyk.iohttps://security.netapp.com/advisory/ntap-20230818-0010/
report@snyk.iohttps://snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-1769238Exploit, Patch, Third Party Advisory
report@snyk.iohttps://www.oracle.com/security-alerts/cpuapr2022.htmlNot Applicable
af854a3a-2127-422b-91ae-364da2661108https://github.com/h2database/h2database/commit/d83285fd2e48fb075780ee95badee6f5a15ea7f8%23diff-008c2e4462609982199cd83e7cf6f1d6b41296b516783f6752c44b9f15dc7bc3Broken Link
af854a3a-2127-422b-91ae-364da2661108https://github.com/h2database/h2database/issues/3195Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/h2database/h2database/pull/3199Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20230818-0010/
af854a3a-2127-422b-91ae-364da2661108https://snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-1769238Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlNot Applicable
Impacted products
Vendor Product Version
n/a com.h2database:h2 Version: 0   < unspecified
Version: unspecified   < 2.0.202
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T19:14:08.576Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/h2database/h2database/issues/3195",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-1769238",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/h2database/h2database/pull/3199",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/h2database/h2database/commit/d83285fd2e48fb075780ee95badee6f5a15ea7f8%23diff-008c2e4462609982199cd83e7cf6f1d6b41296b516783f6752c44b9f15dc7bc3",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20230818-0010/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "com.h2database:h2",
               vendor: "n/a",
               versions: [
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "2.0.202",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "threedr3am of SecCoder Security Lab",
            },
         ],
         datePublic: "2021-12-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "PROOF_OF_CONCEPT",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  remediationLevel: "NOT_DEFINED",
                  reportConfidence: "NOT_DEFINED",
                  scope: "UNCHANGED",
                  temporalScore: 7.7,
                  temporalSeverity: "HIGH",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "XML External Entity (XXE) Injection",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-08-18T13:06:24.563141",
            orgId: "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
            shortName: "snyk",
         },
         references: [
            {
               url: "https://github.com/h2database/h2database/issues/3195",
            },
            {
               url: "https://snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-1769238",
            },
            {
               url: "https://github.com/h2database/h2database/pull/3199",
            },
            {
               url: "https://github.com/h2database/h2database/commit/d83285fd2e48fb075780ee95badee6f5a15ea7f8%23diff-008c2e4462609982199cd83e7cf6f1d6b41296b516783f6752c44b9f15dc7bc3",
            },
            {
               url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20230818-0010/",
            },
         ],
         title: "XML External Entity (XXE) Injection",
      },
   },
   cveMetadata: {
      assignerOrgId: "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
      assignerShortName: "snyk",
      cveId: "CVE-2021-23463",
      datePublished: "2021-12-10T20:00:14.594368Z",
      dateReserved: "2021-01-08T00:00:00",
      dateUpdated: "2024-09-17T03:47:43.105Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:h2database:h2:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.4.198\", \"versionEndExcluding\": \"2.0.202\", \"matchCriteriaId\": \"BF697BB1-B848-4C0B-8DFF-EA0DB4F46D13\"}]}]}]",
         descriptions: "[{\"lang\": \"en\", \"value\": \"The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.\"}, {\"lang\": \"es\", \"value\": \"El paquete com.h2database:h2 a partir de la versi\\u00f3n 1.4.198 y antes de la versi\\u00f3n 2.0.202 son vulnerables a la Inyecci\\u00f3n de Entidades Externas XML (XXE) a trav\\u00e9s del objeto de clase org.h2.jdbc.JdbcSQLXML, cuando recibe datos de cadena analizados del m\\u00e9todo org.h2.jdbc.JdbcResultSet.getSQLXML(). Si ejecuta el m\\u00e9todo getSource() cuando el par\\u00e1metro es DOMSource.class activar\\u00e1 la vulnerabilidad\"}]",
         id: "CVE-2021-23463",
         lastModified: "2024-11-21T05:51:47.487",
         metrics: "{\"cvssMetricV31\": [{\"source\": \"report@snyk.io\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:P\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
         published: "2021-12-10T20:15:07.917",
         references: "[{\"url\": \"https://github.com/h2database/h2database/commit/d83285fd2e48fb075780ee95badee6f5a15ea7f8%23diff-008c2e4462609982199cd83e7cf6f1d6b41296b516783f6752c44b9f15dc7bc3\", \"source\": \"report@snyk.io\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://github.com/h2database/h2database/issues/3195\", \"source\": \"report@snyk.io\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/h2database/h2database/pull/3199\", \"source\": \"report@snyk.io\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230818-0010/\", \"source\": \"report@snyk.io\"}, {\"url\": \"https://snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-1769238\", \"source\": \"report@snyk.io\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"report@snyk.io\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"https://github.com/h2database/h2database/commit/d83285fd2e48fb075780ee95badee6f5a15ea7f8%23diff-008c2e4462609982199cd83e7cf6f1d6b41296b516783f6752c44b9f15dc7bc3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://github.com/h2database/h2database/issues/3195\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/h2database/h2database/pull/3199\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230818-0010/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-1769238\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}]",
         sourceIdentifier: "report@snyk.io",
         vulnStatus: "Modified",
         weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-611\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2021-23463\",\"sourceIdentifier\":\"report@snyk.io\",\"published\":\"2021-12-10T20:15:07.917\",\"lastModified\":\"2024-11-21T05:51:47.487\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.\"},{\"lang\":\"es\",\"value\":\"El paquete com.h2database:h2 a partir de la versión 1.4.198 y antes de la versión 2.0.202 son vulnerables a la Inyección de Entidades Externas XML (XXE) a través del objeto de clase org.h2.jdbc.JdbcSQLXML, cuando recibe datos de cadena analizados del método org.h2.jdbc.JdbcResultSet.getSQLXML(). Si ejecuta el método getSource() cuando el parámetro es DOMSource.class activará la vulnerabilidad\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:P\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:h2database:h2:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.4.198\",\"versionEndExcluding\":\"2.0.202\",\"matchCriteriaId\":\"BF697BB1-B848-4C0B-8DFF-EA0DB4F46D13\"}]}]}],\"references\":[{\"url\":\"https://github.com/h2database/h2database/commit/d83285fd2e48fb075780ee95badee6f5a15ea7f8%23diff-008c2e4462609982199cd83e7cf6f1d6b41296b516783f6752c44b9f15dc7bc3\",\"source\":\"report@snyk.io\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://github.com/h2database/h2database/issues/3195\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/h2database/h2database/pull/3199\",\"source\":\"report@snyk.io\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230818-0010/\",\"source\":\"report@snyk.io\"},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-1769238\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"report@snyk.io\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://github.com/h2database/h2database/commit/d83285fd2e48fb075780ee95badee6f5a15ea7f8%23diff-008c2e4462609982199cd83e7cf6f1d6b41296b516783f6752c44b9f15dc7bc3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://github.com/h2database/h2database/issues/3195\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/h2database/h2database/pull/3199\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230818-0010/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-1769238\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.