Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/hsqldb@2.7.1-1?distro=trixie
purl pkg:deb/debian/hsqldb@2.7.1-1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-knw5-d2nn-vyhq HyperSQL DataBase vulnerable to remote code execution when processing untrusted input Those using `java.sql.Statement` or `java.sql.PreparedStatement` in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, `System.setProperty("hsqldb.method_class_names", "abc")` or Java argument `-Dhsqldb.method_class_names="abc"` can be used. From version 2.7.1 all classes by default are not accessible except those in `java.lang.Math` and need to be manually enabled. CVE-2022-41853
GHSA-77xx-rxvh-q682

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T13:11:37.571771+00:00 Debian Importer Fixing VCID-knw5-d2nn-vyhq https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T09:04:45.171594+00:00 Debian Importer Fixing VCID-knw5-d2nn-vyhq https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:26:36.931985+00:00 Debian Importer Fixing VCID-knw5-d2nn-vyhq https://security-tracker.debian.org/tracker/data/json 38.1.0