CVE-2018-10054 – com.datomic:datomic-free
Package
Manager: maven
Name: com.datomic:datomic-free
Vulnerable Version: >=0 <0.9.5697
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.04733 (percentile 0.8899)
Details
Improper Input Validation in Datomic: H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code.
Metadata
Created: 2022-05-13T01:30:17Z
Modified: 2024-07-19T15:31:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9pf8-qqhm-7w64/GHSA-9pf8-qqhm-7w64.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-9pf8-qqhm-7w64
Finding: F184
Auto approve: 1