[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-42392":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":34,"duplicate_of":9,"upstream":36,"downstream":37,"duplicates":66,"related":67,"reserved_at":9,"published_at":68,"modified_at":69,"state":70,"summary":71,"references_raw":79,"kevs":143,"epss":144,"epss_history":147,"metrics":355,"affected":364},"CVE-2021-42392","The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-502","Deserialization of Untrusted Data","The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.","weakness","Draft","Base","Medium",[20],{"id":21,"name":22,"techniques":23},"CAPEC-586","Object Injection",[],[25],{"_key":26,"name":27,"source":28,"url":29,"maturity":30,"reliability_score":31,"verified":32,"type":9,"platforms":33,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_973F0D54D611A8CA","Exploit Reference (jfrog.com)","reference","https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/","unknown",0.2,false,[],[35],"GHSA-h376-j262-vhq6",[],[38,40,42,44,46,48,50,52,54,56,58,60,62,64],{"_key":39},"UBUNTU-CVE-2021-42392",{"_key":41},"USN-5365-1",{"_key":43},"DLA-2923-1",{"_key":45},"DSA-5076-1",{"_key":47},"DEBIAN-CVE-2021-42392",{"_key":49},"RHSA-2022:4918",{"_key":51},"RHSA-2022:4919",{"_key":53},"RHSA-2022:6782",{"_key":55},"RHSA-2022:6783",{"_key":57},"RHSA-2022:7409",{"_key":59},"RHSA-2022:7410",{"_key":61},"RHSA-2022:7411",{"_key":63},"USN-6834-1",{"_key":65},"RHSA-2025:1747",[],[],"2022-01-07T00:00:00.000Z","2024-08-04T03:30:38.345Z","Modified",{"cisa_kev":32,"cisa_ransomware":32,"cisa_vendor":9,"epss_severity":72,"epss_score":73,"severity":74,"severity_score":75,"severity_version":76,"severity_source":77,"severity_vector":78,"severity_status":70},"critical",0.90592,"high",10,"v2.0","nvd","AV:N/AC:L/Au:N/C:C/I:C/A:C",[80,89,94,99,104,109,113,117,122,127,131,135,139],{"url":81,"sources":82,"tags":85},"https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6",[83,77,84],"cve.org","osv_maven",[86,87,88],"Mitigation","Third Party Advisory","WEB",{"url":90,"sources":91,"tags":92},"https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html",[83,77,84],[93,87,88],"Mailing List",{"url":95,"sources":96,"tags":97},"https://www.debian.org/security/2022/dsa-5076",[83,77,84],[98,87,88],"Vendor Advisory",{"url":100,"sources":101,"tags":102},"https://www.oracle.com/security-alerts/cpuapr2022.html",[83,77,84],[103,87,88],"Patch",{"url":29,"sources":105,"tags":106},[83,77],[107,108,98],"Exploit","Technical Description",{"url":110,"sources":111,"tags":112},"https://security.netapp.com/advisory/ntap-20220119-0001/",[83,77],[87],{"url":114,"sources":115,"tags":116},"https://www.secpod.com/blog/log4shell-critical-remote-code-execution-vulnerability-in-h2database-console/",[83,77],[],{"url":118,"sources":119,"tags":120},"https://nvd.nist.gov/vuln/detail/CVE-2021-42392",[84],[121],"Advisory",{"url":123,"sources":124,"tags":125},"https://github.com/h2database/h2database",[84],[126],"PACKAGE",{"url":128,"sources":129,"tags":130},"https://github.com/h2database/h2database/releases/tag/version-2.0.206",[84],[88],{"url":132,"sources":133,"tags":134},"https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console",[84],[88],{"url":136,"sources":137,"tags":138},"https://security.netapp.com/advisory/ntap-20220119-0001",[84],[88],{"url":140,"sources":141,"tags":142},"https://www.secpod.com/blog/log4shell-critical-remote-code-execution-vulnerability-in-h2database-console",[84],[88],[],{"date":145,"score":73,"percentile":146},"2026-06-04",0.99632,[148,152,154,156,159,162,164,166,168,170,173,175,177,179,181,185,188,191,194,196,199,202,204,206,208,210,212,214,218,221,223,225,227,229,231,233,235,238,240,242,244,246,248,250,252,254,256,258,260,262,264,266,268,270,272,274,276,278,280,283,285,287,289,291,293,295,297,299,302,304,306,308,311,314,316,319,321,323,325,329,331,333,336,338,341,343,345,347,349,351],{"date":149,"score":150,"percentile":151},"2025-11-04",0.91037,0.99616,{"date":153,"score":150,"percentile":151},"2025-11-05",{"date":155,"score":150,"percentile":151},"2025-11-06",{"date":157,"score":150,"percentile":158},"2025-11-07",0.99614,{"date":160,"score":150,"percentile":161},"2025-11-08",0.99613,{"date":163,"score":150,"percentile":161},"2025-11-09",{"date":165,"score":150,"percentile":161},"2025-11-10",{"date":167,"score":150,"percentile":161},"2025-11-11",{"date":169,"score":150,"percentile":161},"2025-11-12",{"date":171,"score":150,"percentile":172},"2025-11-13",0.99612,{"date":174,"score":150,"percentile":172},"2025-11-14",{"date":176,"score":150,"percentile":172},"2025-11-15",{"date":178,"score":150,"percentile":172},"2025-11-16",{"date":180,"score":150,"percentile":172},"2025-11-17",{"date":182,"score":183,"percentile":184},"2025-11-18",0.64182,0.98425,{"date":186,"score":183,"percentile":187},"2025-11-19",0.98426,{"date":189,"score":183,"percentile":190},"2025-11-20",0.98428,{"date":192,"score":150,"percentile":193},"2025-11-21",0.99611,{"date":195,"score":150,"percentile":193},"2025-11-22",{"date":197,"score":150,"percentile":198},"2025-11-23",0.9961,{"date":200,"score":150,"percentile":201},"2025-11-24",0.99609,{"date":203,"score":150,"percentile":198},"2025-11-25",{"date":205,"score":150,"percentile":198},"2025-11-26",{"date":207,"score":150,"percentile":193},"2025-11-27",{"date":209,"score":150,"percentile":198},"2025-11-28",{"date":211,"score":150,"percentile":198},"2025-11-29",{"date":213,"score":150,"percentile":193},"2025-11-30",{"date":215,"score":216,"percentile":217},"2025-12-01",0.90638,0.99597,{"date":219,"score":216,"percentile":220},"2025-12-02",0.99596,{"date":222,"score":216,"percentile":217},"2025-12-03",{"date":224,"score":150,"percentile":161},"2025-12-04",{"date":226,"score":150,"percentile":161},"2025-12-05",{"date":228,"score":150,"percentile":161},"2025-12-06",{"date":230,"score":150,"percentile":161},"2025-12-07",{"date":232,"score":150,"percentile":158},"2025-12-08",{"date":234,"score":150,"percentile":158},"2025-12-09",{"date":236,"score":150,"percentile":237},"2025-12-10",0.99615,{"date":239,"score":150,"percentile":158},"2025-12-11",{"date":241,"score":150,"percentile":158},"2025-12-12",{"date":243,"score":150,"percentile":158},"2025-12-13",{"date":245,"score":150,"percentile":158},"2025-12-14",{"date":247,"score":150,"percentile":161},"2025-12-15",{"date":249,"score":150,"percentile":158},"2025-12-16",{"date":251,"score":150,"percentile":237},"2025-12-17",{"date":253,"score":150,"percentile":158},"2025-12-18",{"date":255,"score":150,"percentile":237},"2025-12-19",{"date":257,"score":150,"percentile":158},"2025-12-20",{"date":259,"score":150,"percentile":158},"2025-12-21",{"date":261,"score":150,"percentile":237},"2025-12-22",{"date":263,"score":150,"percentile":158},"2025-12-23",{"date":265,"score":150,"percentile":158},"2025-12-24",{"date":267,"score":150,"percentile":158},"2025-12-25",{"date":269,"score":150,"percentile":237},"2025-12-26",{"date":271,"score":150,"percentile":151},"2025-12-27",{"date":273,"score":150,"percentile":237},"2025-12-28",{"date":275,"score":150,"percentile":237},"2025-12-29",{"date":277,"score":150,"percentile":237},"2025-12-30",{"date":279,"score":150,"percentile":237},"2025-12-31",{"date":281,"score":216,"percentile":282},"2026-01-01",0.99603,{"date":284,"score":216,"percentile":282},"2026-01-02",{"date":286,"score":216,"percentile":282},"2026-01-03",{"date":288,"score":150,"percentile":237},"2026-01-04",{"date":290,"score":150,"percentile":237},"2026-01-05",{"date":292,"score":150,"percentile":237},"2026-01-06",{"date":294,"score":150,"percentile":237},"2026-01-07",{"date":296,"score":150,"percentile":237},"2026-01-08",{"date":298,"score":150,"percentile":151},"2026-01-09",{"date":300,"score":150,"percentile":301},"2026-01-10",0.99617,{"date":303,"score":150,"percentile":301},"2026-01-11",{"date":305,"score":150,"percentile":301},"2026-01-12",{"date":307,"score":150,"percentile":301},"2026-01-13",{"date":309,"score":150,"percentile":310},"2026-01-14",0.99618,{"date":312,"score":150,"percentile":313},"2026-01-15",0.99619,{"date":315,"score":150,"percentile":313},"2026-01-16",{"date":317,"score":150,"percentile":318},"2026-01-17",0.9962,{"date":320,"score":150,"percentile":310},"2026-01-18",{"date":322,"score":150,"percentile":310},"2026-01-19",{"date":324,"score":150,"percentile":310},"2026-01-20",{"date":326,"score":327,"percentile":328},"2026-01-21",0.90773,0.99601,{"date":330,"score":327,"percentile":328},"2026-01-22",{"date":332,"score":327,"percentile":282},"2026-01-23",{"date":334,"score":327,"percentile":335},"2026-01-24",0.99604,{"date":337,"score":327,"percentile":335},"2026-01-25",{"date":339,"score":327,"percentile":340},"2026-01-26",0.99605,{"date":342,"score":327,"percentile":335},"2026-01-27",{"date":344,"score":327,"percentile":340},"2026-01-28",{"date":346,"score":327,"percentile":340},"2026-01-29",{"date":348,"score":327,"percentile":340},"2026-01-30",{"date":350,"score":327,"percentile":340},"2026-01-31",{"date":352,"score":353,"percentile":354},"2026-02-01",0.90344,0.99595,[356,362],{"source":77,"cvss_v2_0":357,"cvss_v3_0":9,"cvss_v3_1":358,"cvss_v4_0":9},{"baseScore":75,"baseSeverity":9,"vectorString":78,"impactScore":75,"exploitabilityScore":75},{"baseScore":359,"baseSeverity":360,"vectorString":361,"impactScore":359,"exploitabilityScore":75},9.8,"CRITICAL","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",{"source":84,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":363,"cvss_v4_0":9},{"baseScore":359,"baseSeverity":9,"vectorString":361,"impactScore":359,"exploitabilityScore":75},[365,378,393,404],{"ecosystem":9,"name":366,"vendor":367,"product":368,"cpe_part":369,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":370},"debian linux","debian","debian_linux","o",[371,374,376],{"version":372,"is_range":32,"range_type":373,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0","cpe",{"version":375,"is_range":32,"range_type":373,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0",{"version":377,"is_range":32,"range_type":373,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0",{"ecosystem":9,"name":379,"vendor":380,"product":379,"cpe_part":381,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":382},"h2","h2database","a",[383,389],{"version":384,"is_range":385,"range_type":373,"version_start":386,"version_start_type":387,"version_end":388,"version_end_type":387,"fixed_in":9},"gte1.1.000_lte2.0.204",true,"1.1.000","including","2.0.204",{"version":390,"is_range":385,"range_type":83,"version_start":386,"version_start_type":387,"version_end":391,"version_end_type":392,"fixed_in":9},">= 1.1.000, \u003C *","*","excluding",{"ecosystem":394,"name":395,"vendor":396,"product":379,"cpe_part":9,"purl_type":397,"purl_namespace":396,"purl_name":379,"source":9,"versions":398},"Maven","com.h2database:h2","com.h2database","maven",[399],{"version":400,"is_range":385,"range_type":401,"version_start":402,"version_start_type":387,"version_end":403,"version_end_type":392,"fixed_in":9},"gte1_1_100_lt2_0_206","ecosystem","1.1.100","2.0.206",{"ecosystem":9,"name":405,"vendor":406,"product":407,"cpe_part":381,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":408},"communications cloud native core policy","oracle","communications_cloud_native_core_policy",[409],{"version":410,"is_range":32,"range_type":373,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.15.0"]