Re: [h2] Exploiting H2 Database with native libraries and JNI

2022-02-17 Thread Thomas Mueller Graf
Hi,

Yes, H2 can act as a compiler / interpreter and execute code... Same as
Java: you can write a Java program that reads and writes files. And same as
GCC (or any other compiler / interpreter). I wouldn't call this a "Security
Vulnerability".

> https://codewhitesec.blogspot.com/2019/08/exploit-h2-database-native-libraries-jni.html

The blog post makes it look like it was not intended to compile and execute
code in H2... It is intended! It is part of the expected behavior. It is
not "Exploiting", it is "Using". I would rename the title to

Using H2 Database to execute code in native libraries and JNI

Regards,
Thomas



On Thu, Feb 17, 2022 at 4:33 PM András Vereb wrote:

> Hi,
>
> Is this finding still relevant in 2022 with latest version 2.1.210?
> code white | Blog: Exploiting H2 Database with native libraries and JNI
> (codewhitesec.blogspot.com)
> 
>
> It is also listed under sonatype-2020-1324 even for latest release.
>
> Thank you for any comments!
>
> --
> You received this message because you are subscribed to the Google Groups
> "H2 Database" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to h2-database+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/h2-database/698d9280-52d1-4157-8be1-9a8829a2b90bn%40googlegroups.com
> 
> .
>



[h2] Exploiting H2 Database with native libraries and JNI

2022-02-17 Thread András Vereb
Hi,

Is this finding still relevant in 2022 with latest version 2.1.210?
code white | Blog: Exploiting H2 Database with native libraries and JNI 
(codewhitesec.blogspot.com) 


It is also listed under sonatype-2020-1324 even for latest release.

Thank you for any comments!
