CVE-2018-10054

Summary

CVE	CVE-2018-10054
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2018-04-11 20:29:00 UTC
Updated	2023-11-09 06:15:00 UTC
Description	H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code.

Risk And Classification

Problem Types: CWE-20

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Cognitect	Datomic	All	All	All	All
Application	Cognitect	Datomic	All	All	All	All
Application	H2database	H2	1.4.197	All	All	All
Application	H2database	H2	1.4.197	All	All	All

References

Reference	Source	Link	Tags
Important Security Update 0.9.5697 - Announcements - Datomic Developers	MISC	forum.datomic.com	Vendor Advisory
H2 Database - 'Alias' Arbitrary Code Execution - Java local Exploit	EXPLOIT-DB	www.exploit-db.com	Third Party Advisory, VDB Entry
Pony Mail!		lists.apache.org
Pony Mail!	MLIST	lists.apache.org
Pony Mail!	MLIST	lists.apache.org
Remote code execution · Issue #3099 · h2database/h2database · GitHub		github.com
Pony Mail!		lists.apache.org
Datomic: Important Security Update For free: and dev: Storage Protocols	MISC	blog.datomic.com	Vendor Advisory
Sporadic NullPointerException in LobStorageMap in 1.4.199 · Issue #1808 · h2database/h2database · GitHub		github.com
CVE-2018-10054 CVSSv3 8.8! · Issue #1225 · h2database/h2database · GitHub		github.com
Gambler - Hacking and other stuffs	MISC	mthbernardes.github.io	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

730536 Atlassian Jira Service Management Server and Insight Asset Management Vulnerability (JSDSERVER-8716)