
In my Spring Boot 2 project, I use an H2 in-memory database.

My Nexus IQ security scan is alerting about CVE-2018-14335. I don't understand the cause of this, so I can't fix it. I also don't understand the explanation given by Nexus IQ.

  • Webconsole is deactivated
  • Newest H2 Version is used
  • Spring Boot 2.6.6 is used

Can someone explain to me in easy language what exactly the problem is and/or how to fix it in Spring Boot?

Tristate
  • 1
    The check is, as often, flawed. It checks transitive dependencies and probably one of those depends on an older H2 version. Could even be Spring Boot as 2.6 still uses H2 1.4 and not the newest H2 v2 (which breaks backwards compatibility). – M. Deinum Sep 02 '22 at 09:48
  • 1
    This vulnerability only affects faulty applications with H2 Console from H2 1.4.197 or older version opened for everyone (H2 Console by default doesn't allow remote access, a special configuration is needed), so your application isn't affected by it. – Evgenij Ryazanov Sep 02 '22 at 10:06
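
Added example, not part of the original question or comments: a small Python check that reads `mvn dependency:tree` output and reports every `com.h2database:h2` entry, the dependency path that pulls it in, and whether its version falls in the "1.4.197 or older" range named in the comment above. The sample tree and the `legacy-test-support` and `demo-batch` artifacts are constructed for illustration; a version match only shows what a scanner is likely to have flagged, not that the H2 Console is exposed.

```python
import re

# Per the comment above: the H2 Console issue concerns H2 1.4.197 or older.
LAST_AFFECTED = (1, 4, 197)

# Constructed sample of `mvn dependency:tree` output; coordinates are illustrative.
SAMPLE_TREE = r"""
[INFO] com.example:demo:jar:0.0.1-SNAPSHOT
[INFO] +- org.springframework.boot:spring-boot-starter-data-jpa:jar:2.6.6:compile
[INFO] |  \- org.springframework.boot:spring-boot-starter-jdbc:jar:2.6.6:compile
[INFO] +- com.example:legacy-test-support:jar:1.0.0:test
[INFO] |  \- com.h2database:h2:jar:1.4.196:test
[INFO] com.example:demo-batch:jar:0.0.1-SNAPSHOT
[INFO] \- com.h2database:h2:jar:1.4.200:runtime
"""

# "[INFO] " + tree-drawing prefix + colon-separated Maven coordinates
LINE = re.compile(r"^\[INFO\] (?P<indent>[|+\\\- ]*)(?P<coord>[^\s:]+(?::[^\s:]+)+)$")


def version_tuple(version):
    """Leading numeric parts of a version: '1.4.197' -> (1, 4, 197)."""
    return tuple(int(n) for n in re.findall(r"\d+", version)[:3])


def find_h2(tree_text):
    """Return (version, in_affected_range, dependency path) for every H2 entry."""
    hits, stack = [], []
    for line in tree_text.splitlines():
        m = LINE.match(line.rstrip())
        if not m:
            continue
        depth = len(m["indent"]) // 3  # each tree level is 3 characters wide
        parts = m["coord"].split(":")
        del stack[depth:]              # drop siblings and deeper levels
        stack.append(parts[1])         # keep artifactId for the path
        if parts[:2] == ["com.h2database", "h2"]:
            # group:artifact:type[:classifier]:version[:scope]
            version = parts[-2] if len(parts) >= 5 else parts[-1]
            affected = version_tuple(version) <= LAST_AFFECTED
            hits.append((version, affected, " > ".join(stack)))
    return hits


if __name__ == "__main__":
    for version, affected, path in find_h2(SAMPLE_TREE):
        print(f"h2 {version:<10} in 1.4.197-or-older range: {affected}  via {path}")
```

To run it against a real project, save the output of `mvn dependency:tree` to a file and pass its contents to `find_h2` instead of `SAMPLE_TREE`.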
