The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and the URL of the database. An attacker may pass a JNDI driver name and a URL leading to an LDAP or RMI server, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| com.h2database:h2 (Maven) | 1.1.100 | 2.0.206 | N/A |
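
For applications that forward caller-supplied connection settings to the method described above, one way to check the driver class name and URL first. This is an added example, not H2's code or its fix; the class name `JdbcTargetGuard`, the driver allowlist and the sample inputs are assumptions.

```java
import java.util.List;
import java.util.Locale;
import java.util.Set;

// Added example, not H2 code: validate caller-supplied values before they
// are handed to org.h2.util.JdbcUtils.getConnection.
public final class JdbcTargetGuard {

    // Assumption: the drivers this deployment actually needs.
    private static final Set<String> ALLOWED_DRIVERS =
            Set.of("org.h2.Driver", "org.postgresql.Driver");

    /** Returns null when the pair is acceptable, otherwise the reason to refuse it. */
    public static String rejectReason(String driver, String url) {
        if (driver == null || url == null) {
            return "driver and URL are required";
        }
        // Exact-match allowlist, so an arbitrary class name never reaches the loader.
        if (!ALLOWED_DRIVERS.contains(driver)) {
            return "driver class is not on the allowlist";
        }
        try {
            // Load without running static initializers, then refuse JNDI contexts
            // even if one is added to the allowlist by mistake.
            Class<?> c = Class.forName(driver, false,
                    JdbcTargetGuard.class.getClassLoader());
            if (javax.naming.Context.class.isAssignableFrom(c)) {
                return "driver class is a JNDI context";
            }
        } catch (ClassNotFoundException e) {
            // Not loadable here, so there is no type to inspect; fall through.
        }
        // Only jdbc: URLs pass; ldap:, rmi: and other lookup schemes are refused.
        if (!url.toLowerCase(Locale.ROOT).startsWith("jdbc:")) {
            return "URL scheme is not jdbc:";
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed inputs: {driver, url}.
        List<String[]> samples = List.of(
                new String[] {"org.h2.Driver", "jdbc:h2:mem:test"},
                new String[] {"org.h2.Driver", "ldap://directory.example.invalid/cn=x"},
                new String[] {"com.example.NotListed", "jdbc:h2:mem:test"});
        for (String[] s : samples) {
            String reason = rejectReason(s[0], s[1]);
            System.out.println(s[0] + " " + s[1] + " -> "
                    + (reason == null ? "accepted" : "rejected: " + reason));
        }
    }
}
```

A check like this complements upgrading to the fixed version listed in the table and does not replace it.
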
CVSS Metrics