Published on: 10 January 2022
H2 has released a fix for a vulnerability in the H2 database console. A remote, unauthenticated attacker could achieve arbitrary code execution on a vulnerable system by exploiting it.
Reports indicate that this remote code execution vulnerability (CVE-2021-42392) in the H2 database console is at high risk of exploitation. H2 is an open-source Java SQL database that is widely used as an embedded database in Java applications and is commonly pulled in as a Maven dependency, so it may be present in systems that were not deployed as "H2" by name. System administrators are advised to take immediate action to patch their affected systems and mitigate the elevated risk of attack.
Successful exploitation of the vulnerability could lead to remote code execution on an affected system.
H2 has released a new version of the product to address the issue. It can be downloaded at the following URL:
https://h2database.com/html/download.html
In addition to in-house and self-developed systems/applications, commercial products and open-source software/libraries may also be affected by the vulnerability. It is recommended to consult product vendors on whether the software products in use are affected and whether corresponding patches or mitigation measures are available. If so, system administrators should apply the patches or follow the recommendations provided by the product vendors to mitigate the risk.
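Because H2 is usually shipped as a library inside other applications rather than installed on its own, the first practical step is to find out where it is on a host. The following POSIX shell script is an added example and is not part of the advisory or of the H2 project: it walks a directory tree, identifies H2 jars by their standard `h2-<version>.jar` filename, and flags any version older than 2.0.206, which is the release in which H2 shipped the fix for CVE-2021-42392 (the fixed version number is not stated on this page). The directory paths and jar names used are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): find H2 jars under a directory and
# flag any older than the release that fixes CVE-2021-42392.
FIXED_VERSION="2.0.206"

# version_lt A B: exit 0 (true) when dotted numeric version A is older than B.
# Implemented in awk so it does not depend on GNU "sort -V".
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".");
        len = (n > m) ? n : m;
        for (i = 1; i <= len; i++) {
            xi = (i in x) ? x[i] + 0 : 0;   # missing components count as 0
            yi = (i in y) ? y[i] + 0 : 0;
            if (xi < yi) exit 0;
            if (xi > yi) exit 1;
        }
        exit 1;                            # equal versions are not "less than"
    }'
}

# h2_version_vulnerable V: true when V predates the fixed release.
h2_version_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# h2_version_from_jar PATH: print the version embedded in a filename such as
# /opt/app/lib/h2-1.4.200.jar; prints nothing for names that do not match.
h2_version_from_jar() {
    basename "$1" .jar | sed -n 's/^h2-\([0-9][0-9.]*\)$/\1/p'
}

# scan_h2_jars DIR: report every h2-*.jar below DIR as VULNERABLE or ok.
scan_h2_jars() {
    find "$1" -type f -name 'h2-*.jar' 2>/dev/null | while read -r jar; do
        v=$(h2_version_from_jar "$jar")
        [ -n "$v" ] || continue           # skip names we cannot parse
        if h2_version_vulnerable "$v"; then
            echo "VULNERABLE $jar ($v < $FIXED_VERSION)"
        else
            echo "ok         $jar ($v)"
        fi
    done
}

# Usage: ./scan-h2.sh /opt   (scans the given directory tree)
if [ $# -gt 0 ]; then
    scan_h2_jars "$1"
fi
```

Filename matching will miss H2 copies that were renamed, shaded into an application jar, or bundled inside a WAR; for those, check the build's dependency report (for Maven, `mvn dependency:tree` lists the `com.h2database:h2` artifact and its version) or the `Implementation-Version` in the jar's `META-INF/MANIFEST.MF`. One caveat on exposure: the H2 web console listens on localhost by default and only accepts connections from other hosts when it is started with the `-webAllowOthers` option (or the equivalent framework setting), so a finding of an old H2 version should be paired with a check of how the console is configured before deciding how urgently to treat it. Upgrading to the fixed release remains the recommended action regardless.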