{"id":"CVE-2021-42392","details":"The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and the URL of the database. An attacker may pass a JNDI driver name and a URL leading to an LDAP or RMI server, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.","aliases":["GHSA-h376-j262-vhq6"],"modified":"2026-05-15T12:04:21.265263924Z","published":"2022-01-10T14:10:23.643Z","database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"vendor_product":"debian:debian_linux","source":"CPE_FIELD","extracted_events":[{"last_affected":"9.0"},{"last_affected":"10.0"},{"last_affected":"11.0"}]},{"cpes":["cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*"],"vendor_product":"oracle:communications_cloud_native_core_policy","source":"CPE_FIELD","extracted_events":[{"last_affected":"1.15.0"}]}]},"references":[{"type":"ADVISORY","url":"https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220119-0001/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5076"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"type":"ARTICLE","url":"https://www.secpod.com/blog/log4shell-critical-remote-code-execution-vulnerability-in-h2database-console/"},{"type":"EVIDENCE","url":"https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}