VulnerableCode Package Details - pkg:maven/com.h2database/h2@2.0.206

Search for packages

Vulnerability	Summary	Fixed by
VCID-6tyr-1gfy-fua1 Aliases: CVE-2022-23221 GHSA-45hx-wfhj-473x	Improper Control of Generation of Code ('Code Injection') H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.	2.1.210 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-ahev-cr9q-g3d3 Aliases: CVE-2022-45868 GHSA-22wj-vf5f-wrvj	Password exposure in H2 Database The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that."	2.2.220 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-6tyr-1gfy-fua1
Aliases:
CVE-2022-23221
GHSA-45hx-wfhj-473x

Improper Control of Generation of Code ('Code Injection') H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.

2.1.210
Affected by 1 other vulnerability.

VCID-ahev-cr9q-g3d3
Aliases:
CVE-2022-45868
GHSA-22wj-vf5f-wrvj

Password exposure in H2 Database The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that."

2.2.220
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-jstt-6zs3-ybew	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in com.h2database:h2.	CVE-2021-42392 GHSA-h376-j262-vhq6 GMS-2022-7

Vulnerability

Summary

Aliases

VCID-jstt-6zs3-ybew

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in com.h2database:h2.

CVE-2021-42392
GHSA-h376-j262-vhq6
GMS-2022-7

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:37:53.007937+00:00	GitLab Importer	Affected by	VCID-6tyr-1gfy-fua1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/CVE-2022-23221.yml	38.4.0
2026-04-16T21:36:58.430710+00:00	GitLab Importer	Fixing	VCID-jstt-6zs3-ybew	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/GMS-2022-7.yml	38.4.0
2026-04-16T02:40:25.571155+00:00	GHSA Importer	Affected by	VCID-ahev-cr9q-g3d3	https://github.com/advisories/GHSA-22wj-vf5f-wrvj	38.4.0
2026-04-11T22:52:12.956009+00:00	GitLab Importer	Affected by	VCID-6tyr-1gfy-fua1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/CVE-2022-23221.yml	38.3.0
2026-04-11T22:50:55.464186+00:00	GitLab Importer	Fixing	VCID-jstt-6zs3-ybew	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/GMS-2022-7.yml	38.3.0
2026-04-11T14:06:33.084633+00:00	GHSA Importer	Affected by	VCID-ahev-cr9q-g3d3	https://github.com/advisories/GHSA-22wj-vf5f-wrvj	38.3.0
2026-04-02T23:01:37.569506+00:00	GitLab Importer	Affected by	VCID-6tyr-1gfy-fua1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/CVE-2022-23221.yml	38.1.0
2026-04-02T23:00:19.108802+00:00	GitLab Importer	Fixing	VCID-jstt-6zs3-ybew	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/GMS-2022-7.yml	38.1.0
2026-04-02T14:51:53.979965+00:00	GHSA Importer	Affected by	VCID-ahev-cr9q-g3d3	https://github.com/advisories/GHSA-22wj-vf5f-wrvj	38.1.0
2026-04-01T17:20:28.471368+00:00	GitLab Importer	Affected by	VCID-6tyr-1gfy-fua1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/CVE-2022-23221.yml	38.0.0
2026-04-01T15:59:18.064383+00:00	GHSA Importer	Fixing	VCID-jstt-6zs3-ybew	https://github.com/advisories/GHSA-h376-j262-vhq6	38.0.0
2026-04-01T13:05:46.598605+00:00	GithubOSV Importer	Fixing	VCID-jstt-6zs3-ybew	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-h376-j262-vhq6/GHSA-h376-j262-vhq6.json	38.0.0
2026-04-01T12:49:13.698883+00:00	GitLab Importer	Fixing	VCID-jstt-6zs3-ybew	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.h2database/h2/GMS-2022-7.yml	38.0.0