cvedb.io
CVE-2018-10054
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2018-04-11T20:29:00.860 · Last modified 2026-06-17T01:33:25.207

Summary

H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."

Affected products

cognitect — datomic

Does this affect you?

Add your gear to cvedb and we'll alert you only when cognitect ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.