Potential Remote Code Execution Vulnerability Discovered In HyperSQL
A potential remote code execution vulnerability (CVE-2022-41853 [1]) has been identified in HSQLDB, rated critical with a CVSS base score of 9.8. All versions up to and including 2.7.0 are affected. Details, impact and remediation are described in the Code Intelligence blog post [2].
HSQLDB is used by more than 3,113 Maven packages, including LibreOffice, JBoss, Log4j, Hibernate and Spring Boot (which itself has thousands of usages, so the exposure propagates transitively), as well as enterprise software [3].
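Because HSQLDB so often arrives as a transitive dependency, a quick inventory check is worth having. The following Python script is an added example (not code from the advisory, from Code Intelligence or from the HSQLDB project): it scans the output of `mvn dependency:tree` for `org.hsqldb:hsqldb` nodes at or below 2.7.0 and reports how deeply each one is nested, so indirect pulls through other libraries are visible. The sample tree embedded below is constructed for illustration.

```python
"""Flag org.hsqldb:hsqldb nodes at or below 2.7.0 in `mvn dependency:tree` output."""
import re
from typing import List, Tuple

# Affected range stated in the advisory: every release up to and including 2.7.0.
VULNERABLE_MAX = (2, 7, 0)

# One tree line: "[INFO] " + zero or more 3-char tree prefixes ("+- ", "\- ", "|  ", "   ")
# + Maven coordinates.  Lines with spaces after the coordinates (plugin banners,
# BUILD SUCCESS, ...) do not match and are ignored.
LINE_RE = re.compile(r"^\[INFO\] (?P<prefix>(?:[|+\\ ][- ] )*)(?P<coords>\S+)$")

# Constructed sample output (not a real project); 2.7.0 and 2.5.1 are in the
# affected range, both pulled in indirectly at depth 2.
SAMPLE_TREE = """\
[INFO] com.example:app:jar:1.0.0
[INFO] +- org.springframework.boot:spring-boot-starter:jar:2.7.4:compile
[INFO] |  \\- org.hsqldb:hsqldb:jar:2.7.0:compile
[INFO] +- com.example:legacy-reports:jar:3.2.0:test
[INFO] |  \\- org.hsqldb:hsqldb:jar:jdk8:2.5.1:test
[INFO] \\- org.apache.commons:commons-lang3:jar:3.12.0:compile
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.7.0' or '1.8.0.10' into a comparable numeric tuple.
    A qualifier such as '-SNAPSHOT' is stripped before comparing."""
    parts = [int(p) if p.isdigit() else 0 for p in text.split("-")[0].split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def find_vulnerable_hsqldb(tree_output: str) -> List[Tuple[str, int]]:
    """Return (version, depth) for each hsqldb node in the affected range.
    depth 1 is a direct dependency; anything deeper is transitive."""
    hits = []
    for line in tree_output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Coordinates are group:artifact:type[:classifier]:version:scope,
        # so the version is always the second-to-last field.
        parts = m["coords"].split(":")
        if len(parts) < 5 or parts[:2] != ["org.hsqldb", "hsqldb"]:
            continue
        version = parts[-2]
        if parse_version(version) <= VULNERABLE_MAX:
            hits.append((version, len(m["prefix"]) // 3))
    return hits


if __name__ == "__main__":
    for version, depth in find_vulnerable_hsqldb(SAMPLE_TREE):
        print(f"hsqldb {version} at depth {depth} ({'transitive' if depth > 1 else 'direct'})")
```

Run it against real output with `mvn dependency:tree > tree.txt` and feed the file to `find_vulnerable_hsqldb`; note that without `-Dverbose` Maven prints only the resolved version of each artifact, so a vulnerable version that lost conflict resolution is not listed.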
Sources
[1] https://cve.report/CVE-2022-41853
[2] https://www.code-intelligence.com/blog/potential-remote-code-execution-in-hsqldb
[3] https://mvnrepository.com/artifact/org.hsqldb/hsqldb/usages