Hi, Yes, H2 can act as a compiler / interpreter and execute code... Same as Java: you can write a Java program that reads and writes files. And same as GCC (or any other compiler / interpreter). I wouldn't call this a "Security Vulnerability".
> https://codewhitesec.blogspot.com/2019/08/exploit-h2-database-native-libraries-jni.html The blog post makes it look like it was not intended to compile and execute code in H2... It is intended! It is part of the expected behavior. It is not "Exploiting", it is "Using". I would rename the title to Using H2 Database to execute code in native libraries and JNI Regards, Thomas On Thu, Feb 17, 2022 at 4:33 PM András Vereb <verebaw...@gmail.com> wrote: > Hi, > > Is this finding still relevant in 2022 with latest version 2.1.210? > code white | Blog: Exploiting H2 Database with native libraries and JNI > (codewhitesec.blogspot.com) > <https://codewhitesec.blogspot.com/2019/08/exploit-h2-database-native-libraries-jni.html> > > It is also listed under sonatype-2020-1324 even for latest release. > > Thank you for any comments! > > -- > You received this message because you are subscribed to the Google Groups > "H2 Database" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to h2-database+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/h2-database/698d9280-52d1-4157-8be1-9a8829a2b90bn%40googlegroups.com > <https://groups.google.com/d/msgid/h2-database/698d9280-52d1-4157-8be1-9a8829a2b90bn%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "H2 Database" group. To unsubscribe from this group and stop receiving emails from it, send an email to h2-database+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/h2-database/CAKpgiBZa92NV8UCQZL8wqhQD3xWcgJMx%2BGb4zyFj37wfbJtqWg%40mail.gmail.com.