Fair enough! That sounds to me like the hole that needs to be blocked. On 10 August 2018 at 07:29, Delta <deltaflu...@gmail.com> wrote:
> You need admin, but you can gain such privileges by just creating new db > and for this you dont need to be admin. > > чт, 9 авг. 2018 г. в 22:21, Kerry Sainsbury <ke...@fidelma.com>: > >> I would say that it can be dealt with by the user already. >> >> 1. Apparently "Admin rights are required to execute this command" -- >> therefore only give admin rights to users who should have them. >> 2. Also, you can constrain the classes that can be loaded via >> h2.allowedClasses >> <http://www.h2database.com/html/advanced.html?highlight=authentication&search=authe#restricting_classes> >> >> Is that sufficient? >> >> >> On 9 August 2018 at 21:44, Thomas Mueller Graf < >> thomas.tom.muel...@gmail.com> wrote: >> >>> Hi, >>> >>> See the CVE: Datomic was fixed. >>> >>> Regards, >>> Thomas >>> >>> >>> On Thu, Aug 9, 2018 at 11:36 AM Thomas Mueller Graf < >>> thomas.tom.muel...@gmail.com> wrote: >>> >>>> Hi, >>>> >>>> > H2 1.4.197, as used in Datomic before 0.9.5697 and other products >>>> >>>> I think the point here is "as used in Datomic ... and other products". >>>> >>>> You could say that "bash" is vulnerable "as used in <product xyz>". The >>>> problem to me seems not in H2, but in <product xyz>, that uses H2 in a way >>>> that is not secure. >>>> >>>> On Thu, Aug 9, 2018 at 11:32 AM Christian Jonigkeit < >>>> jonigk...@gmail.com> wrote: >>>> >>>>> Is there a schedule for dealing with https://www.cvedetails. >>>>> com/cve/CVE-2018-10054/ ? >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "H2 Database" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to h2-database+unsubscr...@googlegroups.com. >>>>> To post to this group, send email to h2-database@googlegroups.com. >>>>> Visit this group at https://groups.google.com/group/h2-database. >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "H2 Database" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to h2-database+unsubscr...@googlegroups.com. >>> To post to this group, send email to h2-database@googlegroups.com. >>> Visit this group at https://groups.google.com/group/h2-database. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "H2 Database" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to h2-database+unsubscr...@googlegroups.com. >> To post to this group, send email to h2-database@googlegroups.com. >> Visit this group at https://groups.google.com/group/h2-database. >> For more options, visit https://groups.google.com/d/optout. >> > -- > You received this message because you are subscribed to the Google Groups > "H2 Database" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to h2-database+unsubscr...@googlegroups.com. > To post to this group, send email to h2-database@googlegroups.com. > Visit this group at https://groups.google.com/group/h2-database. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "H2 Database" group. To unsubscribe from this group and stop receiving emails from it, send an email to h2-database+unsubscr...@googlegroups.com. To post to this group, send email to h2-database@googlegroups.com. Visit this group at https://groups.google.com/group/h2-database. For more options, visit https://groups.google.com/d/optout.
