CVE-2018-14335 #1294
Comments
H2 is not intended to be used outside a secure environment, so we don't have any need for embargoes or such

You're not going to tell us what the bug is that you found?

What's the point if H2 is not intended to be used outside of a secure environment?

For the record, this requires Since the web console is a debugging tool and has a boatload of similar issues I do not intend to fix this. Email me or the person above if you feel like fixing such issues.

@mikroskeem I have already. This is about the web console, which you should not be running in production. You should also be running H2 behind a firewall, like any other database server in existence.

ossindex-maven-plugin has now added this to their fearmongering 😬

Tools of H2 Console used by the exploit from CVE-2018-14335 are protected from unauthorized access since H2 1.4.198 Beta; this and all newer versions aren't affected by it. Issue about incorrectly reported vulnerability is here:

Any idea of why OSSIndex seems to flag all versions of H2 to be still vulnerable to this even now in 2024?

Please write me back on owodelta@protonmail.ch, need to talk about disclosure