[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-23221":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":39,"aliases":59,"duplicate_of":9,"upstream":61,"downstream":62,"duplicates":83,"related":84,"reserved_at":9,"published_at":85,"modified_at":86,"state":87,"summary":88,"references_raw":95,"kevs":159,"epss":160,"epss_history":163,"metrics":408,"affected":419},"CVE-2022-23221","H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-88","Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')","The product constructs a string for a command to be executed by a separate component\nin another control sphere, but it does not properly delimit the\nintended arguments, options, or switches within that command string.","weakness","Draft","Base",[19,23,27,31,35],{"id":20,"name":21,"techniques":22},"CAPEC-137","Parameter Injection",[],{"id":24,"name":25,"techniques":26},"CAPEC-174","Flash Parameter Injection",[],{"id":28,"name":29,"techniques":30},"CAPEC-41","Using Meta-characters in E-mail Headers to Inject Malicious Payloads",[],{"id":32,"name":33,"techniques":34},"CAPEC-460","HTTP Parameter Pollution (HPP)",[],{"id":36,"name":37,"techniques":38},"CAPEC-88","OS Command Injection",[],[40,49,54],{"_key":41,"name":42,"source":43,"url":44,"maturity":45,"reliability_score":46,"verified":47,"type":9,"platforms":48,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_7DD4383D2F1184FD","Exploit Reference (seclists.org)","reference","http://seclists.org/fulldisclosure/2022/Jan/39","unknown",0.2,false,[],{"_key":50,"name":51,"source":43,"url":52,"maturity":45,"reliability_score":46,"verified":47,"type":9,"platforms":53,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_609D5932690148E0","Exploit Reference (twitter.com)","https://twitter.com/d0nkey_man/status/1483824727936450564",[],{"_key":55,"name":56,"source":43,"url":57,"maturity":45,"reliability_score":46,"verified":47,"type":9,"platforms":58,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_18D31ED21224BB40","Exploit Reference (packetstormsecurity.com)","http://packetstormsecurity.com/files/165676/H2-Database-Console-Remote-Code-Execution.html",[],[60],"GHSA-45hx-wfhj-473x",[],[63,65,67,69,71,73,75,77,79,81],{"_key":64},"UBUNTU-CVE-2022-23221",{"_key":66},"USN-5365-1",{"_key":68},"DLA-2923-1",{"_key":70},"DSA-5076-1",{"_key":72},"DEBIAN-CVE-2022-23221",{"_key":74},"RHSA-2022:4918",{"_key":76},"RHSA-2022:4919",{"_key":78},"USN-6834-1",{"_key":80},"RHSA-2024:10208",{"_key":82},"RHSA-2024:10207",[],[],"2022-01-19T00:00:00.000Z","2025-05-05T16:27:07.353Z","Modified",{"cisa_kev":47,"cisa_ransomware":47,"cisa_vendor":9,"epss_severity":89,"epss_score":90,"severity":89,"severity_score":91,"severity_version":92,"severity_source":93,"severity_vector":94,"severity_status":87},"high",0.26568,10,"v2.0","nvd","AV:N/AC:L/Au:N/C:C/I:C/A:C",[96,106,111,115,120,124,129,132,136,141,145,150,155],{"url":97,"sources":98,"tags":101},"https://github.com/h2database/h2database/security/advisories",[99,93,100],"cve.org","osv_maven",[102,103,104,105],"Mitigation","Patch","Third Party Advisory","WEB",{"url":44,"sources":107,"tags":108},[99,93,100],[109,110,104,105],"Mailing List","Exploit",{"url":112,"sources":113,"tags":114},"https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html",[99,93,100],[109,104,105],{"url":116,"sources":117,"tags":118},"https://www.debian.org/security/2022/dsa-5076",[99,93,100],[119,104,105],"Vendor Advisory",{"url":121,"sources":122,"tags":123},"https://www.oracle.com/security-alerts/cpuapr2022.html",[99,93,100],[103,104,105],{"url":125,"sources":126,"tags":127},"https://github.com/h2database/h2database/releases/tag/version-2.1.210",[99,93,100],[103,128,104,105],"Release Notes",{"url":52,"sources":130,"tags":131},[99,93,100],[110,104,105],{"url":57,"sources":133,"tags":134},[99,93,100],[110,104,135,105],"VDB Entry",{"url":137,"sources":138,"tags":139},"https://www.oracle.com/security-alerts/cpujul2022.html",[99,93,100],[140,105],"Not Applicable",{"url":142,"sources":143,"tags":144},"https://security.netapp.com/advisory/ntap-20230818-0011/",[99,93],[],{"url":146,"sources":147,"tags":148},"https://nvd.nist.gov/vuln/detail/CVE-2022-23221",[100],[149],"Advisory",{"url":151,"sources":152,"tags":153},"https://github.com/h2database/h2database",[100],[154],"PACKAGE",{"url":156,"sources":157,"tags":158},"https://security.netapp.com/advisory/ntap-20230818-0011",[100],[105],[],{"date":161,"score":90,"percentile":162},"2026-06-04",0.96432,[164,168,170,173,176,178,181,183,186,189,192,195,197,200,202,206,208,211,214,217,220,222,225,228,231,233,236,239,243,246,249,251,254,256,258,261,264,267,270,273,275,277,280,283,286,289,291,294,296,298,300,303,306,308,312,315,317,319,322,325,328,331,333,336,339,341,344,347,350,352,354,356,359,361,364,367,370,373,375,377,380,383,386,389,392,394,397,400,402,404],{"date":165,"score":166,"percentile":167},"2025-11-04",0.22202,0.95554,{"date":169,"score":166,"percentile":167},"2025-11-05",{"date":171,"score":166,"percentile":172},"2025-11-06",0.95557,{"date":174,"score":166,"percentile":175},"2025-11-07",0.95559,{"date":177,"score":166,"percentile":172},"2025-11-08",{"date":179,"score":166,"percentile":180},"2025-11-09",0.95556,{"date":182,"score":166,"percentile":172},"2025-11-10",{"date":184,"score":166,"percentile":185},"2025-11-11",0.95558,{"date":187,"score":166,"percentile":188},"2025-11-12",0.95561,{"date":190,"score":166,"percentile":191},"2025-11-13",0.95563,{"date":193,"score":166,"percentile":194},"2025-11-14",0.95564,{"date":196,"score":166,"percentile":188},"2025-11-15",{"date":198,"score":166,"percentile":199},"2025-11-16",0.95562,{"date":201,"score":166,"percentile":194},"2025-11-17",{"date":203,"score":204,"percentile":205},"2025-11-18",0.76357,0.99011,{"date":207,"score":204,"percentile":205},"2025-11-19",{"date":209,"score":204,"percentile":210},"2025-11-20",0.99012,{"date":212,"score":166,"percentile":213},"2025-11-21",0.95572,{"date":215,"score":166,"percentile":216},"2025-11-22",0.95571,{"date":218,"score":166,"percentile":219},"2025-11-23",0.95569,{"date":221,"score":166,"percentile":216},"2025-11-24",{"date":223,"score":166,"percentile":224},"2025-11-25",0.95573,{"date":226,"score":166,"percentile":227},"2025-11-26",0.95575,{"date":229,"score":166,"percentile":230},"2025-11-27",0.95577,{"date":232,"score":166,"percentile":227},"2025-11-28",{"date":234,"score":166,"percentile":235},"2025-11-29",0.95578,{"date":237,"score":166,"percentile":238},"2025-11-30",0.95576,{"date":240,"score":241,"percentile":242},"2025-12-01",0.20497,0.95362,{"date":244,"score":241,"percentile":245},"2025-12-02",0.95361,{"date":247,"score":241,"percentile":248},"2025-12-03",0.95363,{"date":250,"score":166,"percentile":230},"2025-12-04",{"date":252,"score":166,"percentile":253},"2025-12-05",0.95579,{"date":255,"score":166,"percentile":235},"2025-12-06",{"date":257,"score":166,"percentile":235},"2025-12-07",{"date":259,"score":166,"percentile":260},"2025-12-08",0.9558,{"date":262,"score":166,"percentile":263},"2025-12-09",0.95582,{"date":265,"score":166,"percentile":266},"2025-12-10",0.95587,{"date":268,"score":166,"percentile":269},"2025-12-11",0.95589,{"date":271,"score":166,"percentile":272},"2025-12-12",0.95593,{"date":274,"score":166,"percentile":272},"2025-12-13",{"date":276,"score":166,"percentile":272},"2025-12-14",{"date":278,"score":166,"percentile":279},"2025-12-15",0.95596,{"date":281,"score":166,"percentile":282},"2025-12-16",0.95598,{"date":284,"score":166,"percentile":285},"2025-12-17",0.95601,{"date":287,"score":166,"percentile":288},"2025-12-18",0.95603,{"date":290,"score":166,"percentile":288},"2025-12-19",{"date":292,"score":166,"percentile":293},"2025-12-20",0.95604,{"date":295,"score":166,"percentile":293},"2025-12-21",{"date":297,"score":166,"percentile":288},"2025-12-22",{"date":299,"score":166,"percentile":293},"2025-12-23",{"date":301,"score":166,"percentile":302},"2025-12-24",0.95608,{"date":304,"score":166,"percentile":305},"2025-12-25",0.95612,{"date":307,"score":166,"percentile":305},"2025-12-26",{"date":309,"score":310,"percentile":311},"2025-12-27",0.27505,0.96279,{"date":313,"score":166,"percentile":314},"2025-12-28",0.95611,{"date":316,"score":166,"percentile":305},"2025-12-29",{"date":318,"score":166,"percentile":305},"2025-12-30",{"date":320,"score":166,"percentile":321},"2025-12-31",0.95616,{"date":323,"score":241,"percentile":324},"2026-01-01",0.95406,{"date":326,"score":241,"percentile":327},"2026-01-02",0.95402,{"date":329,"score":241,"percentile":330},"2026-01-03",0.95399,{"date":332,"score":166,"percentile":302},"2026-01-04",{"date":334,"score":90,"percentile":335},"2026-01-05",0.96154,{"date":337,"score":90,"percentile":338},"2026-01-06",0.96156,{"date":340,"score":90,"percentile":338},"2026-01-07",{"date":342,"score":90,"percentile":343},"2026-01-08",0.96158,{"date":345,"score":90,"percentile":346},"2026-01-09",0.96161,{"date":348,"score":90,"percentile":349},"2026-01-10",0.96163,{"date":351,"score":90,"percentile":349},"2026-01-11",{"date":353,"score":90,"percentile":349},"2026-01-12",{"date":355,"score":90,"percentile":346},"2026-01-13",{"date":357,"score":90,"percentile":358},"2026-01-14",0.96168,{"date":360,"score":90,"percentile":358},"2026-01-15",{"date":362,"score":90,"percentile":363},"2026-01-16",0.9617,{"date":365,"score":90,"percentile":366},"2026-01-17",0.96172,{"date":368,"score":90,"percentile":369},"2026-01-18",0.96174,{"date":371,"score":90,"percentile":372},"2026-01-19",0.96173,{"date":374,"score":90,"percentile":369},"2026-01-20",{"date":376,"score":90,"percentile":369},"2026-01-21",{"date":378,"score":90,"percentile":379},"2026-01-22",0.96175,{"date":381,"score":90,"percentile":382},"2026-01-23",0.96182,{"date":384,"score":90,"percentile":385},"2026-01-24",0.96184,{"date":387,"score":90,"percentile":388},"2026-01-25",0.96186,{"date":390,"score":90,"percentile":391},"2026-01-26",0.96187,{"date":393,"score":90,"percentile":391},"2026-01-27",{"date":395,"score":90,"percentile":396},"2026-01-28",0.96188,{"date":398,"score":90,"percentile":399},"2026-01-29",0.9619,{"date":401,"score":90,"percentile":399},"2026-01-30",{"date":403,"score":90,"percentile":399},"2026-01-31",{"date":405,"score":406,"percentile":407},"2026-02-01",0.26391,0.96207,[409,414,417],{"source":99,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":410,"cvss_v4_0":9},{"baseScore":411,"baseSeverity":412,"vectorString":413,"impactScore":411,"exploitabilityScore":91},9.8,"CRITICAL","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",{"source":93,"cvss_v2_0":415,"cvss_v3_0":9,"cvss_v3_1":416,"cvss_v4_0":9},{"baseScore":91,"baseSeverity":9,"vectorString":94,"impactScore":91,"exploitabilityScore":91},{"baseScore":411,"baseSeverity":412,"vectorString":413,"impactScore":411,"exploitabilityScore":91},{"source":100,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":418,"cvss_v4_0":9},{"baseScore":411,"baseSeverity":9,"vectorString":413,"impactScore":411,"exploitabilityScore":91},[420,433,445,455],{"ecosystem":9,"name":421,"vendor":422,"product":423,"cpe_part":424,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":425},"debian linux","debian","debian_linux","o",[426,429,431],{"version":427,"is_range":47,"range_type":428,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0","cpe",{"version":430,"is_range":47,"range_type":428,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0",{"version":432,"is_range":47,"range_type":428,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0",{"ecosystem":9,"name":434,"vendor":435,"product":434,"cpe_part":436,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":437},"h2","h2database","a",[438],{"version":439,"is_range":440,"range_type":428,"version_start":441,"version_start_type":442,"version_end":443,"version_end_type":444,"fixed_in":9},"gte1.1.100_lt2.0.206",true,"1.1.100","including","2.0.206","excluding",{"ecosystem":446,"name":447,"vendor":448,"product":434,"cpe_part":9,"purl_type":449,"purl_namespace":448,"purl_name":434,"source":9,"versions":450},"Maven","com.h2database:h2","com.h2database","maven",[451],{"version":452,"is_range":440,"range_type":453,"version_start":9,"version_start_type":9,"version_end":454,"version_end_type":444,"fixed_in":9},"lt2_1_210","ecosystem","2.1.210",{"ecosystem":9,"name":456,"vendor":457,"product":458,"cpe_part":436,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":459},"communications cloud native core console","oracle","communications_cloud_native_core_console",[460],{"version":461,"is_range":47,"range_type":428,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.9.0"]