Researchers discover Log4j-like flaw in H2 database console


In the console of the immensely popular Java SQL database, H2 Database Engine, a vulnerability with the same fundamental cause as the wellknown Log4j bug has been addressed.

According to a GitHub security advisory provided by the H2 maintainers on January 5, the flaw (CVE202142392) “allows loading of custom classes from remote servers via JNDI.

Read More…