Researchers have warned of a new, critical Java flaw impacting the console of the popular H2 Java SQL database with the same root cause as the Log4Shell vulnerability in Apache Log4j.

H2 is a widely-used open-source Java SQL database used for various projects ranging from web platforms like Spring Boot to IoT platforms like ThingWorks.

H2 is an open-source relational database management system written in Java. It can be embedded in Java applications or run in client-server mode.

Write, build, and run an example application that persists data to and from a relational database using Hibernate, JPA, and the repository pattern.

On that point, the JFrog team recommends that all users of the H2 database to upgrade to version 2.0.206, which fixes CVE-2021-42392 by limiting JNDI URLs to use the local java protocol only ...

All H2 users should upgrade to the newest version 2.0.206 which is patched for the flaw Researchers at software company JFrog have uncovered a new vulnerability affecting H2 database consoles that ...