Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-ahev-cr9q-g3d3
Summary
Password exposure in H2 Database
The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that."
Aliases
0
alias CVE-2022-45868
1
alias GHSA-22wj-vf5f-wrvj
Fixed_packages
0
url pkg:maven/com.h2database/h2@2.2.220
purl pkg:maven/com.h2database/h2@2.2.220
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.h2database/h2@2.2.220
Affected_packages
0
url pkg:maven/com.h2database/h2@1.4.198
purl pkg:maven/com.h2database/h2@1.4.198
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6tyr-1gfy-fua1
1
vulnerability VCID-ahev-cr9q-g3d3
2
vulnerability VCID-furu-at6b-nbez
3
vulnerability VCID-jstt-6zs3-ybew
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.h2database/h2@1.4.198
1
url pkg:maven/com.h2database/h2@1.4.199
purl pkg:maven/com.h2database/h2@1.4.199
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6tyr-1gfy-fua1
1
vulnerability VCID-ahev-cr9q-g3d3
2
vulnerability VCID-furu-at6b-nbez
3
vulnerability VCID-jstt-6zs3-ybew
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.h2database/h2@1.4.199
2
url pkg:maven/com.h2database/h2@1.4.200
purl pkg:maven/com.h2database/h2@1.4.200
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6tyr-1gfy-fua1
1
vulnerability VCID-ahev-cr9q-g3d3
2
vulnerability VCID-furu-at6b-nbez
3
vulnerability VCID-jstt-6zs3-ybew
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.h2database/h2@1.4.200
3
url pkg:maven/com.h2database/h2@2.0.202
purl pkg:maven/com.h2database/h2@2.0.202
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6tyr-1gfy-fua1
1
vulnerability VCID-ahev-cr9q-g3d3
2
vulnerability VCID-jstt-6zs3-ybew
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.h2database/h2@2.0.202
4
url pkg:maven/com.h2database/h2@2.0.204
purl pkg:maven/com.h2database/h2@2.0.204
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6tyr-1gfy-fua1
1
vulnerability VCID-ahev-cr9q-g3d3
2
vulnerability VCID-jstt-6zs3-ybew
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.h2database/h2@2.0.204
5
url pkg:maven/com.h2database/h2@2.0.206
purl pkg:maven/com.h2database/h2@2.0.206
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6tyr-1gfy-fua1
1
vulnerability VCID-ahev-cr9q-g3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.h2database/h2@2.0.206
6
url pkg:maven/com.h2database/h2@2.1.210
purl pkg:maven/com.h2database/h2@2.1.210
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ahev-cr9q-g3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.h2database/h2@2.1.210
7
url pkg:maven/com.h2database/h2@2.1.212
purl pkg:maven/com.h2database/h2@2.1.212
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ahev-cr9q-g3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.h2database/h2@2.1.212
8
url pkg:maven/com.h2database/h2@2.1.214
purl pkg:maven/com.h2database/h2@2.1.214
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ahev-cr9q-g3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.h2database/h2@2.1.214
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-45868
reference_id
reference_type
scores
0
value 0.00293
scoring_system epss
scoring_elements 0.52635
published_at 2026-04-12T12:55:00Z
1
value 0.00293
scoring_system epss
scoring_elements 0.5268
published_at 2026-05-14T12:55:00Z
2
value 0.00293
scoring_system epss
scoring_elements 0.52603
published_at 2026-05-12T12:55:00Z
3
value 0.00293
scoring_system epss
scoring_elements 0.52578
published_at 2026-05-11T12:55:00Z
4
value 0.00293
scoring_system epss
scoring_elements 0.52614
published_at 2026-05-09T12:55:00Z
5
value 0.00293
scoring_system epss
scoring_elements 0.52569
published_at 2026-05-07T12:55:00Z
6
value 0.00293
scoring_system epss
scoring_elements 0.52516
published_at 2026-05-05T12:55:00Z
7
value 0.00293
scoring_system epss
scoring_elements 0.52574
published_at 2026-04-29T12:55:00Z
8
value 0.00293
scoring_system epss
scoring_elements 0.52612
published_at 2026-04-26T12:55:00Z
9
value 0.00293
scoring_system epss
scoring_elements 0.52652
published_at 2026-04-11T12:55:00Z
10
value 0.00293
scoring_system epss
scoring_elements 0.52589
published_at 2026-04-04T12:55:00Z
11
value 0.00293
scoring_system epss
scoring_elements 0.52556
published_at 2026-04-07T12:55:00Z
12
value 0.00293
scoring_system epss
scoring_elements 0.52608
published_at 2026-04-08T12:55:00Z
13
value 0.00293
scoring_system epss
scoring_elements 0.52601
published_at 2026-04-24T12:55:00Z
14
value 0.00293
scoring_system epss
scoring_elements 0.52651
published_at 2026-04-21T12:55:00Z
15
value 0.00293
scoring_system epss
scoring_elements 0.52666
published_at 2026-04-18T12:55:00Z
16
value 0.00293
scoring_system epss
scoring_elements 0.52659
published_at 2026-04-16T12:55:00Z
17
value 0.00293
scoring_system epss
scoring_elements 0.52621
published_at 2026-04-13T12:55:00Z
18
value 0.00293
scoring_system epss
scoring_elements 0.52602
published_at 2026-04-09T12:55:00Z
19
value 0.00293
scoring_system epss
scoring_elements 0.52563
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-45868
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45868
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45868
2
reference_url https://github.com/advisories/GHSA-22wj-vf5f-wrvj
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-19T20:58:21Z/
url https://github.com/advisories/GHSA-22wj-vf5f-wrvj
3
reference_url https://github.com/h2database/h2database
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/h2database/h2database
4
reference_url https://github.com/h2database/h2database/blob/96832bf5a97cdc0adc1f2066ed61c54990d66ab5/h2/src/main/org/h2/server/web/WebServer.java#L346-L347
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-19T20:58:21Z/
url https://github.com/h2database/h2database/blob/96832bf5a97cdc0adc1f2066ed61c54990d66ab5/h2/src/main/org/h2/server/web/WebServer.java#L346-L347
5
reference_url https://github.com/h2database/h2database/commit/581ed18ff9d6b3761d851620ed88a3994a351a0d
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/h2database/h2database/commit/581ed18ff9d6b3761d851620ed88a3994a351a0d
6
reference_url https://github.com/h2database/h2database/issues/3686
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-19T20:58:21Z/
url https://github.com/h2database/h2database/issues/3686
7
reference_url https://github.com/h2database/h2database/pull/3833
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-19T20:58:21Z/
url https://github.com/h2database/h2database/pull/3833
8
reference_url https://github.com/h2database/h2database/releases/tag/version-2.2.220
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-19T20:58:21Z/
url https://github.com/h2database/h2database/releases/tag/version-2.2.220
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-45868
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-45868
10
reference_url https://sites.google.com/sonatype.com/vulnerabilities/sonatype-2022-6243
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-19T20:58:21Z/
url https://sites.google.com/sonatype.com/vulnerabilities/sonatype-2022-6243
Weaknesses
0
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
1
cwe_id 312
name Cleartext Storage of Sensitive Information
description The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Exploits
Severity_range_score7.0 - 8.9
Exploitability0.5
Weighted_severity8.0
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-ahev-cr9q-g3d3