VulnerableCode Package Details - pkg:maven/com.h2database/h2@1.0.58

Search for packages

Vulnerability	Summary	Fixed by
VCID-6tyr-1gfy-fua1 Aliases: CVE-2022-23221 GHSA-45hx-wfhj-473x	Improper Control of Generation of Code ('Code Injection') H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.	2.1.210 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-furu-at6b-nbez Aliases: CVE-2021-23463 GHSA-7rpj-hg47-cx62	Improper Restriction of XML External Entity Reference The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.	2.0.202 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-6tyr-1gfy-fua1
Aliases:
CVE-2022-23221
GHSA-45hx-wfhj-473x

Improper Control of Generation of Code ('Code Injection') H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.

2.1.210
Affected by 1 other vulnerability.

VCID-furu-at6b-nbez
Aliases:
CVE-2021-23463
GHSA-7rpj-hg47-cx62

Improper Restriction of XML External Entity Reference The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.

2.0.202
Affected by 3 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:37:52.829390+00:00	GitLab Importer	Affected by	VCID-6tyr-1gfy-fua1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/CVE-2022-23221.yml	38.4.0
2026-04-16T21:36:34.482114+00:00	GitLab Importer	Affected by	VCID-furu-at6b-nbez	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/CVE-2021-23463.yml	38.4.0
2026-04-11T22:52:12.473612+00:00	GitLab Importer	Affected by	VCID-6tyr-1gfy-fua1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/CVE-2022-23221.yml	38.3.0
2026-04-11T22:50:19.968465+00:00	GitLab Importer	Affected by	VCID-furu-at6b-nbez	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/CVE-2021-23463.yml	38.3.0
2026-04-02T23:01:37.148435+00:00	GitLab Importer	Affected by	VCID-6tyr-1gfy-fua1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/CVE-2022-23221.yml	38.1.0
2026-04-02T22:59:44.070126+00:00	GitLab Importer	Affected by	VCID-furu-at6b-nbez	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/CVE-2021-23463.yml	38.1.0
2026-04-01T17:20:27.984729+00:00	GitLab Importer	Affected by	VCID-6tyr-1gfy-fua1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/CVE-2022-23221.yml	38.0.0
2026-04-01T17:18:27.968506+00:00	GitLab Importer	Affected by	VCID-furu-at6b-nbez	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/CVE-2021-23463.yml	38.0.0