Hi everyone,

There is a recently published exploit POC here: https://www.exploit-db.com/exploits/45506/

Apparently it works on the latest version, 1.4.197. In brief, you connect with default credentials to a *new* database, and then create an alias that runs a system command.

What is the recommended remediation for this? Is there a code fix planned? If it can be prevented through configuration changes can the appropriate configuration setting be made the default?

Thanks!
0xd13a
