GHSA-9pf8-qqhm-7w64

Source

https://github.com/advisories/GHSA-9pf8-qqhm-7w64

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9pf8-qqhm-7w64/GHSA-9pf8-qqhm-7w64.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-9pf8-qqhm-7w64

Aliases

CVE-2018-10054

Published

2022-05-13T01:30:17Z

Modified

2024-07-19T15:31:45Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Improper Input Validation in Datomic

Details

H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code.

Database specific

{
    "cwe_ids": [
        "CWE-20"
    ],
    "nvd_published_at": "2018-04-11T20:29:00Z",
    "github_reviewed_at": "2022-06-30T14:03:27Z",
    "github_reviewed": true,
    "severity": "HIGH"
}

References

Affected packages

Maven / com.datomic:datomic-free

Package

Name: com.datomic:datomic-free; View open source insights on deps.dev
Purl: pkg:maven/com.datomic/datomic-free

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.5697

Database specific

last_known_affected_version_range

"<= 0.9.5656"

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9pf8-qqhm-7w64/GHSA-9pf8-qqhm-7w64.json"