xs996 opened a new issue, #30656:
URL: https://github.com/apache/shardingsphere/issues/30656

   ## Bug Report
   
   **For English only**, other languages will not be accepted.
   
   Before reporting a bug, make sure you have:
   
   - Searched open and closed [GitHub issues](https://github.com/apache/shardingsphere/issues).
   - Read documentation: [ShardingSphere Doc](https://shardingsphere.apache.org/document/current/en/overview).
   
   Please pay attention to issues you submitted, because we may need more details.
   If there is no further response and we cannot reproduce it with the current information, we will **close it**.
   
   Please answer these questions before submitting your issue. Thanks!
   
   ### Which version of ShardingSphere did you use?
   shardingsphere-jdbc-core 5.4.1
   ### Which project did you use? ShardingSphere-JDBC or ShardingSphere-Proxy?
   ShardingSphere-JDBC
   ### Expected behavior
   snyk scan passed
   ### Actual behavior
   snyk reported a high issue about h2database
   ### Reason analyze (If you can)
   When we use h2database, snyk provides a high issue, and prompts that it cannot be repaired. The following is a detailed report:
   
   _Affected versions of this package are vulnerable to Remote Code Execution (RCE). It provides a web console for managing the database, and by default it does not have a password set. The CREATE ALIAS function calls Java code, allowing an attacker to execute arbitrary Java code on projects running the h2 database._
   
   Snyk report link: https://security.snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-31685
   
   ### Steps to reproduce the behavior, such as: SQL to execute, sharding rule configuration, when exception occur etc.
   snyk monitor
   ### Example codes for reproduce this issue (such as a github link).
   **Snyk report link: https://security.snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-31685**
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
