A colleague found this "CVE" report for H2. I agree with the H2 devs that it's a big joke of a CVE, but it's something we might want to add something to the documentation to discuss because it could cause grief for our users.
https://github.com/h2database/h2database/issues/3686
