CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-02-12 18:42:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
CVEs-PoC/2021/CVE-2021-42392.md
0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00

56 lines
2.5 KiB
Markdown
Raw Permalink Blame History

### [CVE-2021-42392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42392)
![](https://img.shields.io/static/v1?label=Product&message=h2&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=1.1.000%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502&color=brightgreen)
### Description
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.
### POC
#### Reference
- https://www.oracle.com/security-alerts/cpuapr2022.html
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Be-Innova/CVE-2021-42392-exploit-lab
- https://github.com/J1ezds/Vulnerability-Wiki-page
- https://github.com/LXGaming/Agent
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/RunCor399/Project_2_SVT_Arcolini_Colotti
- https://github.com/SYRTI/POC_to_review
- https://github.com/Threekiii/Awesome-POC
- https://github.com/WhooAmii/POC_to_review
- https://github.com/binganao/vulns-2022
- https://github.com/chains-project/exploits-for-sbom.exe
- https://github.com/cuspycode/jpa-crypt
- https://github.com/cuspycode/jpa-ddl
- https://github.com/cybersecurityworks553/CVE-2021-42392-Detect
- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks
- https://github.com/hinat0y/Dataset1
- https://github.com/hinat0y/Dataset10
- https://github.com/hinat0y/Dataset11
- https://github.com/hinat0y/Dataset12
- https://github.com/hinat0y/Dataset2
- https://github.com/hinat0y/Dataset3
- https://github.com/hinat0y/Dataset4
- https://github.com/hinat0y/Dataset5
- https://github.com/hinat0y/Dataset6
- https://github.com/hinat0y/Dataset7
- https://github.com/hinat0y/Dataset8
- https://github.com/hinat0y/Dataset9
- https://github.com/mosaic-hgw/WildFly
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/nscuro/dtapac
- https://github.com/pen4uin/awesome-vulnerability-research
- https://github.com/pen4uin/vulnerability-research
- https://github.com/pen4uin/vulnerability-research-list
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/soosmile/POC
- https://github.com/tdunlap607/gsd-analysis
- https://github.com/trhacknon/Pocingit
- https://github.com/zecool/cve
Reference in New Issue View Git Blame Copy Permalink