Vulnerability in H2 database 

Issue date: 04-04-2022
Affects versions:

Security Issue ID: SECURITY-283

Affected Product Version(s): all

Severity: none

Description

CVE-2021-23463
CVE-2021-42392
CVE-2022-23221
CWE-94

A series of vulnerabilities (listed above) affects the H2 database. However, we consider these to be false positives for brXM, because the H2 database is intended only for local development and not for production or networked test environments. None of the listed vulnerabilities is significant for a local-only development use case. As a reminder, Bloomreach strongly recommends against using H2 for networked deployments of any kind.

Instructions

Follow the recommendations for deploying test and production environments with a supported database type.