Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.h2database/h2@1.4.198

Type maven

Namespace com.h2database

Name h2

Version 1.4.198

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.1.210

Latest_non_vulnerable_version 2.2.220

Affected_by_vulnerabilities

url VCID-722u-dcj9-1qc8

vulnerability_id VCID-722u-dcj9-1qc8

summary H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23221.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23221.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-23221

reference_id

reference_type

scores

value	0.26568
scoring_system	epss
scoring_elements	0.96454
published_at	2026-06-11T12:55:00Z

value	0.26568
scoring_system	epss
scoring_elements	0.96465
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-23221

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42392
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42392

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23221
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23221

reference_url

https://security.netapp.com/advisory/ntap-20230818-0011

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230818-0011

reference_url

https://twitter.com/d0nkey_man/status/1483824727936450564

reference_id

1483824727936450564

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:39Z/

url

https://twitter.com/d0nkey_man/status/1483824727936450564

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2044596
reference_id	2044596
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2044596

reference_url

http://seclists.org/fulldisclosure/2022/Jan/39

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:39Z/

url

http://seclists.org/fulldisclosure/2022/Jan/39

reference_url

https://github.com/h2database/h2database/security/advisories

reference_id

advisories

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:39Z/

url

https://github.com/h2database/h2database/security/advisories

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

cpuapr2022.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:39Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

cpujul2022.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:39Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-23221

reference_id

CVE-2022-23221

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-23221

reference_url

https://www.debian.org/security/2022/dsa-5076

reference_id

dsa-5076

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:39Z/

url

https://www.debian.org/security/2022/dsa-5076

reference_url

https://github.com/advisories/GHSA-45hx-wfhj-473x

reference_id

GHSA-45hx-wfhj-473x

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-45hx-wfhj-473x

reference_url

http://packetstormsecurity.com/files/165676/H2-Database-Console-Remote-Code-Execution.html

reference_id

H2-Database-Console-Remote-Code-Execution.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:39Z/

url

http://packetstormsecurity.com/files/165676/H2-Database-Console-Remote-Code-Execution.html

reference_url

https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html

reference_id

msg00017.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:39Z/

url

https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html

reference_url

https://security.netapp.com/advisory/ntap-20230818-0011/

reference_id

ntap-20230818-0011

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:39Z/

url

https://security.netapp.com/advisory/ntap-20230818-0011/

reference_url	https://access.redhat.com/errata/RHSA-2022:4918
reference_id	RHSA-2022:4918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4918

reference_url	https://access.redhat.com/errata/RHSA-2022:4919
reference_id	RHSA-2022:4919
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4919

reference_url	https://access.redhat.com/errata/RHSA-2022:4922
reference_id	RHSA-2022:4922
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4922

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

reference_url	https://access.redhat.com/errata/RHSA-2024:10207
reference_id	RHSA-2024:10207
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10207

reference_url	https://access.redhat.com/errata/RHSA-2024:10208
reference_id	RHSA-2024:10208
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10208

reference_url	https://usn.ubuntu.com/5365-1/
reference_id	USN-5365-1
reference_type
scores
url	https://usn.ubuntu.com/5365-1/

reference_url	https://usn.ubuntu.com/6834-1/
reference_id	USN-6834-1
reference_type
scores
url	https://usn.ubuntu.com/6834-1/

reference_url

https://github.com/h2database/h2database/releases/tag/version-2.1.210

reference_id

version-2.1.210

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:39Z/

url

https://github.com/h2database/h2database/releases/tag/version-2.1.210

fixed_packages

url	pkg:maven/com.h2database/h2@2.1.210
purl	pkg:maven/com.h2database/h2@2.1.210
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.h2database/h2@2.1.210

aliases CVE-2022-23221, GHSA-45hx-wfhj-473x

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-722u-dcj9-1qc8

url VCID-ejwh-4mg9-tyas

vulnerability_id VCID-ejwh-4mg9-tyas

summary The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that." Nonetheless, the issue was fixed in 2.2.220.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-45868

reference_id

reference_type

scores

value	0.00293
scoring_system	epss
scoring_elements	0.53121
published_at	2026-06-12T12:55:00Z

value	0.00293
scoring_system	epss
scoring_elements	0.52993
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-45868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45868

reference_url

https://github.com/h2database/h2database/commit/581ed18ff9d6b3761d851620ed88a3994a351a0d

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/h2database/h2database/commit/581ed18ff9d6b3761d851620ed88a3994a351a0d

reference_url

https://github.com/h2database/h2database/issues/3686

reference_id

3686

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-19T20:58:21Z/

url

https://github.com/h2database/h2database/issues/3686

reference_url

https://github.com/h2database/h2database/pull/3833

reference_id

3833

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-19T20:58:21Z/

url

https://github.com/h2database/h2database/pull/3833

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-45868

reference_id

CVE-2022-45868

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-45868

reference_url

https://github.com/advisories/GHSA-22wj-vf5f-wrvj

reference_id

GHSA-22wj-vf5f-wrvj

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-19T20:58:21Z/

url

https://github.com/advisories/GHSA-22wj-vf5f-wrvj

reference_url

https://sites.google.com/sonatype.com/vulnerabilities/sonatype-2022-6243

reference_id

sonatype-2022-6243

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-19T20:58:21Z/

url

https://sites.google.com/sonatype.com/vulnerabilities/sonatype-2022-6243

reference_url

https://github.com/h2database/h2database/releases/tag/version-2.2.220

reference_id

version-2.2.220

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-19T20:58:21Z/

url

https://github.com/h2database/h2database/releases/tag/version-2.2.220

reference_url

https://github.com/h2database/h2database/blob/96832bf5a97cdc0adc1f2066ed61c54990d66ab5/h2/src/main/org/h2/server/web/WebServer.java#L346-L347

reference_id

WebServer.java#L346-L347

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-19T20:58:21Z/

url

https://github.com/h2database/h2database/blob/96832bf5a97cdc0adc1f2066ed61c54990d66ab5/h2/src/main/org/h2/server/web/WebServer.java#L346-L347

fixed_packages

url	pkg:maven/com.h2database/h2@2.2.220
purl	pkg:maven/com.h2database/h2@2.2.220
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.h2database/h2@2.2.220

aliases CVE-2022-45868, GHSA-22wj-vf5f-wrvj

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ejwh-4mg9-tyas

url VCID-mpz4-6qzq-9ycm

vulnerability_id VCID-mpz4-6qzq-9ycm

summary security update

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42392.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42392.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-42392

reference_id

reference_type

scores

value	0.90592
scoring_system	epss
scoring_elements	0.99634
published_at	2026-06-12T12:55:00Z

value	0.90592
scoring_system	epss
scoring_elements	0.99633
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-42392

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42392
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42392

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23221
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23221

reference_url

https://github.com/h2database/h2database/releases/tag/version-2.0.206

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/h2database/h2database/releases/tag/version-2.0.206

reference_url

https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console

reference_url	https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
reference_id
reference_type
scores
url	https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/

reference_url

https://security.netapp.com/advisory/ntap-20220119-0001

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220119-0001

reference_url	https://security.netapp.com/advisory/ntap-20220119-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220119-0001/

reference_url

https://www.secpod.com/blog/log4shell-critical-remote-code-execution-vulnerability-in-h2database-console

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.secpod.com/blog/log4shell-critical-remote-code-execution-vulnerability-in-h2database-console

reference_url	https://www.secpod.com/blog/log4shell-critical-remote-code-execution-vulnerability-in-h2database-console/
reference_id
reference_type
scores
url	https://www.secpod.com/blog/log4shell-critical-remote-code-execution-vulnerability-in-h2database-console/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003894
reference_id	1003894
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003894

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2039403
reference_id	2039403
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2039403

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-42392

reference_id

CVE-2021-42392

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-42392

reference_url

https://github.com/advisories/GHSA-h376-j262-vhq6

reference_id

GHSA-h376-j262-vhq6

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h376-j262-vhq6

reference_url

https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6

reference_id

GHSA-h376-j262-vhq6

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6

reference_url	https://access.redhat.com/errata/RHSA-2022:1013
reference_id	RHSA-2022:1013
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1013

reference_url	https://access.redhat.com/errata/RHSA-2022:4918
reference_id	RHSA-2022:4918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4918

reference_url	https://access.redhat.com/errata/RHSA-2022:4919
reference_id	RHSA-2022:4919
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4919

reference_url	https://access.redhat.com/errata/RHSA-2022:4922
reference_id	RHSA-2022:4922
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4922

reference_url	https://access.redhat.com/errata/RHSA-2022:6782
reference_id	RHSA-2022:6782
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6782

reference_url	https://access.redhat.com/errata/RHSA-2022:6783
reference_id	RHSA-2022:6783
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6783

reference_url	https://access.redhat.com/errata/RHSA-2022:6787
reference_id	RHSA-2022:6787
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6787

reference_url	https://access.redhat.com/errata/RHSA-2022:7409
reference_id	RHSA-2022:7409
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7409

reference_url	https://access.redhat.com/errata/RHSA-2022:7410
reference_id	RHSA-2022:7410
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7410

reference_url	https://access.redhat.com/errata/RHSA-2022:7411
reference_id	RHSA-2022:7411
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7411

reference_url	https://access.redhat.com/errata/RHSA-2022:7417
reference_id	RHSA-2022:7417
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7417

reference_url	https://access.redhat.com/errata/RHSA-2025:1747
reference_id	RHSA-2025:1747
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1747

reference_url	https://usn.ubuntu.com/5365-1/
reference_id	USN-5365-1
reference_type
scores
url	https://usn.ubuntu.com/5365-1/

reference_url	https://usn.ubuntu.com/6834-1/
reference_id	USN-6834-1
reference_type
scores
url	https://usn.ubuntu.com/6834-1/

fixed_packages

url pkg:maven/com.h2database/h2@2.0.206

purl pkg:maven/com.h2database/h2@2.0.206

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-722u-dcj9-1qc8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.h2database/h2@2.0.206

aliases CVE-2021-42392, GHSA-h376-j262-vhq6, GMS-2022-7

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mpz4-6qzq-9ycm

url VCID-pkzn-f9s5-t7dp

vulnerability_id VCID-pkzn-f9s5-t7dp

summary Improper Restriction of XML External Entity Reference in com.h2database:h2.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23463.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23463.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-23463

reference_id

reference_type

scores

value	0.00766
scoring_system	epss
scoring_elements	0.73982
published_at	2026-06-12T12:55:00Z

value	0.00766
scoring_system	epss
scoring_elements	0.73908
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-23463

reference_url

https://github.com/boris-unckel/h2database/commit/f9ad6aef2bfa59eba2b4d3e7c4c32d2cce8e8b05

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/boris-unckel/h2database/commit/f9ad6aef2bfa59eba2b4d3e7c4c32d2cce8e8b05

reference_url

https://github.com/h2database/h2database/commit/d83285fd2e48fb075780ee95badee6f5a15ea7f8%23diff-008c2e4462609982199cd83e7cf6f1d6b41296b516783f6752c44b9f15dc7bc3

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/h2database/h2database/commit/d83285fd2e48fb075780ee95badee6f5a15ea7f8%23diff-008c2e4462609982199cd83e7cf6f1d6b41296b516783f6752c44b9f15dc7bc3

reference_url

https://github.com/h2database/h2database/issues/3195

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/h2database/h2database/issues/3195

reference_url

https://github.com/h2database/h2database/pull/3199

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/h2database/h2database/pull/3199

reference_url

https://github.com/h2database/h2database/pull/3199#issuecomment-1002830390

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/h2database/h2database/pull/3199#issuecomment-1002830390

reference_url

https://security.netapp.com/advisory/ntap-20230818-0010

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230818-0010

reference_url	https://security.netapp.com/advisory/ntap-20230818-0010/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20230818-0010/

reference_url

https://snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-1769238

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-1769238

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2033392
reference_id	2033392
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2033392

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-23463

reference_id

CVE-2021-23463

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-23463

reference_url

https://github.com/advisories/GHSA-7rpj-hg47-cx62

reference_id

GHSA-7rpj-hg47-cx62

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7rpj-hg47-cx62

fixed_packages

url pkg:maven/com.h2database/h2@2.0.202

purl pkg:maven/com.h2database/h2@2.0.202

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-722u-dcj9-1qc8

vulnerability	VCID-mpz4-6qzq-9ycm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.h2database/h2@2.0.202

aliases CVE-2021-23463, GHSA-7rpj-hg47-cx62

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pkzn-f9s5-t7dp

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.h2database/h2@1.4.198

Package Instance