Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote code execution in HyperSQL DataBase
Vulnerability Description
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
使用外部可控制的输入来选择类或代码(不安全的反射)
Vulnerability Title
HSQLDB 安全漏洞
Vulnerability Description
HSQLDB是The HSQL Development Group团队的一个用 Java 编写的关系数据库管理系统。 HSQLDB 存在安全漏洞,该漏洞源于其使用java.sql.Statement或java.sql.PreparedStatement处理不可信输入时,默认情况下允许调用类路径中任何Java类的任何静态方法,导致攻击者可以执行代码。
CVSS Information
N/A
Vulnerability Type
N/A