From 1c65377e44e279cab3d9ca659cb9f60f7c8e83d6 Mon Sep 17 00:00:00 2001
From: Lev Pachmanov <31389480+levpachmanov@users.noreply.github.com>
Date: Thu, 2 Jul 2026 19:07:40 +0300
Subject: [PATCH] Improve GHSA-wm64-883p-84j3
---
 .../GHSA-wm64-883p-84j3.json | 25 +++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/advisories/unreviewed/2022/05/GHSA-wm64-883p-84j3/GHSA-wm64-883p-84j3.json b/advisories/unreviewed/2022/05/GHSA-wm64-883p-84j3/GHSA-wm64-883p-84j3.json
index ffbc97e77f38a..69517c9e20cc0 100644
--- a/advisories/unreviewed/2022/05/GHSA-wm64-883p-84j3/GHSA-wm64-883p-84j3.json
+++ b/advisories/unreviewed/2022/05/GHSA-wm64-883p-84j3/GHSA-wm64-883p-84j3.json
@@ -1,11 +1,12 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-wm64-883p-84j3",
- "modified": "2024-07-28T15:31:28Z",
+ "modified": "2024-10-29T15:33:02Z",
 "published": "2022-05-13T01:19:07Z",
 "aliases": [
 "CVE-2018-14335"
 ],
+ "summary": "Insecure Permissions",
 "details": "An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.",
 "severity": [
 {
@@ -13,7 +14,27 @@
 "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
 }
 ],
- "affected": [],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "com.h2database:h2"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "1.1.100"
+ },
+ {
+ "fixed": "1.4.198"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "type": "ADVISORY",
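Review bot: The added `"summary": "Insecure Permissions"` in the first hunk is a weakness-class label rather than a description of this advisory, so an alert that shows only the summary tells the reader neither the product nor the impact. The `details` field already carries what is needed; something like `"summary": "H2 Database backup function allows reading files outside permissions via symlink"` would let a triager recognise the issue without opening the record. The advisory object continues outside this hunk.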
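Review bot: The lower bound `"introduced": "1.1.100"` in the new `affected` entry is not traceable to anything visible in the advisory, whose `details` names only H2 1.4.197. If that value was chosen only because it is an early published `com.h2database:h2` version, and not because the backup code path first appeared there, `"introduced": "0"` is the safer bound. An understated range makes dependency scanners silently skip older vulnerable releases. The `"fixed": "1.4.198"` event should also be backed by a link to the fixing commit or release note in `references`, which starts at the end of this hunk and continues outside it, so I cannot confirm whether one is present.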