google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
Apache License 2.0

Spring Boot H2 Database - Remote Command Execution #465

Open shaikhyaser opened 2 months ago

shaikhyaser commented 2 months ago

I would like to contribute to the plugin with Spring Boot H2 Database - RCE

Exploit Reference: https://spaceraccoon.dev/remote-code-execution-in-three-acts-chaining-exposed-actuators-and-h2-database/

tooryx commented 1 month ago

Hi @shaikhyaser,

Is this vulnerability affecting a specific set of versions of the H2 database or is it generic?

Cheers, ~tooryx