Lucene search

K

Veracode Vulnerability DatabaseVERACODE:37484

HistoryOct 11, 2022 - 2:15 a.m.

Remote Code Execution

2022-10-1102:15:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

19

hypersql database

remote code execution

vulnerability

supportsjavamethod function

hsqldatabaseproperties.java

untrusted input process

attacker

system

EPSS

0.013

Percentile

85.7%

HyperSQL Database is vulnerable to remote code execution. The vulnerability exists in the supportsJavaMethod function of HsqlDatabaseProperties.java due to the untrusted input process allowing an attacker to execute remote codes in the system.

References

hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control

bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7

github.com/advisories/GHSA-77xx-rxvh-q682

github.com/ryenus/hsqldb/commit/b6719c67b41eb9298c2451ad2829bf03b262a941

lists.debian.org/debian-lts-announce/2022/12/msg00020.html

sourceforge.net/p/hsqldb/svn/6614/tree//base/trunk/src/org/hsqldb/persist/HsqlDatabaseProperties.java

www.debian.org/security/2023/dsa-5313

EPSS

0.013

Percentile

85.7%

Related for VERACODE:37484

nessus15 cnvd1 osv3 ubuntucve1 debiancve1 prion1 redhatcve1 cve1 openvas4 debian2 redhat8 oraclelinux2 suse1 ibm5 cvelist1 centos1 amazon2 nvd1 github1 veracode1 qualysblog1 oracle3