Fair enough! That sounds to me like the hole that needs to be blocked. On 10 August 2018 at 07:29, Delta <[email protected]> wrote:
> You need admin, but you can gain such privileges by just creating new db > and for this you dont need to be admin. > > чт, 9 авг. 2018 г. в 22:21, Kerry Sainsbury <[email protected]>: > >> I would say that it can be dealt with by the user already. >> >> 1. Apparently "Admin rights are required to execute this command" -- >> therefore only give admin rights to users who should have them. >> 2. Also, you can constrain the classes that can be loaded via >> h2.allowedClasses >> <http://www.h2database.com/html/advanced.html?highlight=authentication&search=authe#restricting_classes> >> >> Is that sufficient? >> >> >> On 9 August 2018 at 21:44, Thomas Mueller Graf < >> [email protected]> wrote: >> >>> Hi, >>> >>> See the CVE: Datomic was fixed. >>> >>> Regards, >>> Thomas >>> >>> >>> On Thu, Aug 9, 2018 at 11:36 AM Thomas Mueller Graf < >>> [email protected]> wrote: >>> >>>> Hi, >>>> >>>> > H2 1.4.197, as used in Datomic before 0.9.5697 and other products >>>> >>>> I think the point here is "as used in Datomic ... and other products". >>>> >>>> You could say that "bash" is vulnerable "as used in <product xyz>". The >>>> problem to me seems not in H2, but in <product xyz>, that uses H2 in a way >>>> that is not secure. >>>> >>>> On Thu, Aug 9, 2018 at 11:32 AM Christian Jonigkeit < >>>> [email protected]> wrote: >>>> >>>>> Is there a schedule for dealing with https://www.cvedetails. >>>>> com/cve/CVE-2018-10054/ ? >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "H2 Database" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> To post to this group, send email to [email protected]. >>>>> Visit this group at https://groups.google.com/group/h2-database. >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "H2 Database" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To post to this group, send email to [email protected]. >>> Visit this group at https://groups.google.com/group/h2-database. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "H2 Database" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> Visit this group at https://groups.google.com/group/h2-database. >> For more options, visit https://groups.google.com/d/optout. >> > -- > You received this message because you are subscribed to the Google Groups > "H2 Database" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/h2-database. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "H2 Database" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/h2-database. For more options, visit https://groups.google.com/d/optout.
