Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
XML External Entity (XXE) Injection
Vulnerability Description
The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Vulnerability Type
N/A
Vulnerability Title
Markdown To Pdf 代码问题漏洞
Vulnerability Description
Markdown To Pdf是德国Simon Hanisch个人开发者的一个简单且可破解的 Cli 工具。用于将 Markdown 转换为 pdf。 Markdown To Pdf 中存在代码问题漏洞,该漏洞源于该服务使用org.h2.jdbc.JdbcResultSet.getSQLXML方法获得解析字符串时如果getSource方法的参数为DOMSource.class会引起恶意注入。以下产品及版本受到影响:H2database 2.0.202 之前版本。
CVSS Information
N/A
Vulnerability Type
N/A