ID:8126 - Exploit for Deserialization of Untrusted Data in H2 Database - CVE-2021-42392

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:8126 - Exploit for Deserialization of Untrusted Data in H2 Database - CVE-2021-42392

ID:8126 - Exploit for Deserialization of Untrusted Data in H2 Database - CVE-2021-42392

Published: July 10, 2022


Vulnerability identifier: #VU61937
Vulnerability risk: Critical
CVE-ID: CVE-2021-42392
CWE-ID: CWE-502
Exploitation vector: Remote access
Vulnerable software:
H2 Database

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data within the org.h2.util.JdbcUtils.getConnection method. A remote attacker can pass a JNDI driver name and a URL leading to a LDAP or RMI servers and execute arbitrary code on the system.


Remediation

Install updates from vendor's website.