mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-22 09:56:49 +02:00
0xMarcio
1.2 KiB
1.2 KiB
CVE-2018-10054
Description
H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."
POC
Reference
- https://github.com/h2database/h2database/issues/1225
- https://mthbernardes.github.io/rce/2018/03/14/abusing-h2-database-alias.html
- https://www.exploit-db.com/exploits/44422/
Github
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/J1ezds/Vulnerability-Wiki-page
- https://github.com/Threekiii/Awesome-POC
- https://github.com/code-sharx/gradle-plugin
- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks
- https://github.com/guillermo-varela/example-scan-gradle-plugin
- https://github.com/victorsempere/albums_and_photos