Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-16577

Security Vulnerabilities in the "h2-1.4.197.jar"

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: Blocker Blocker
    • 27.0.0.Alpha4, 27.0.0.Final
    • 26.1.1.Final
    • None
    • None
    • ---
    • ---

      In the "h2-1.4.197.jar", our security scan shows the below 3 vulnerabilities with score > 9.

      CVE-2022-23221(BDSA-2022-0186) 
      CVE-2021-42392(BDSA-2022-0048)
      CVE-2021-23463

      In the "wildfly-26.1.1.Final", the jar "h2-1.4.197.jar" path:

      /wildfly-26.1.1.Final/modules/system/layers/base/com/h2database/h2/main/h2-1.4.197.jar.

      Could you please advise how to proceed with this issue

      If our application is not consuming the "h2-1.4.197.jar", is it ok to remove from the "wildfly-26.1.1.Final". Please advise.

            bstansbe@redhat.com Brian Stansberry
            anareddy1507 Ananda Reddy C
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: