You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please see the issue ticket in the original repository here as well as the developers comment: h2database/h2database#3012
TLDR: The default configuration prevents a RCE, the library is not used in such a capability in JImage hash and is only an optional dependency. No patch version from h2 is and will be made available. The report is a false positive and can be ignored if you do not manually open up the h2 to the web and alter the settings manually.
The text was updated successfully, but these errors were encountered:
According to Synk a critical vulnerability for h2 exists: https://snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-31685?utm_medium=Partner&utm_source=RedHat&utm_campaign=Code-Ready-Analytics-2020&utm_content=vuln/SNYK-JAVA-COMH2DATABASE-31685
Please see the issue ticket in the original repository here as well as the developers comment: h2database/h2database#3012
TLDR: The default configuration prevents a RCE, the library is not used in such a capability in JImage hash and is only an optional dependency. No patch version from h2 is and will be made available. The report is a false positive and can be ignored if you do not manually open up the h2 to the web and alter the settings manually.
The text was updated successfully, but these errors were encountered: