News

H2 vulnerability root cause similar to Log4Shell, less exploitation scope. Like Log4Shell, the flaw (CVE-2021-42392) relates to Java Naming and Directory Interface (JNDI) remote class loading.
H2 is a widely-used open-source Java SQL database used for various projects ranging from web platforms like Spring Boot to IoT platforms like ThingWorks.
A critical flaw in the H2 open-source Java SQL database is similar to the Log4J vulnerability but does not pose a widespread threat.
H2 is an open-source relational database management system written in Java. It can be embedded in Java applications or run in client-server mode.
Write, build, and run an example application that persists data to and from a relational database using Hibernate, JPA, and the repository pattern.
All H2 users should upgrade to the newest version, 2.0.206, which is patched for the flaw. Researchers at software company JFrog have uncovered a new vulnerability affecting H2 database consoles that ...