[Bug 1204521] VUL-0: CVE-2022-41853: hsqldb: Untrusted input may lead to RCE attack
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1204521
https://bugzilla.suse.com/show_bug.cgi?id=1204521#c7
David Anes
"If the system property "hsqldb.method_class_names" is not set, then static methods of available Java classes cannot be accessed as functions in HSQLDB. If the property is set, then only the list of semicolon separated method names becomes accessible. An empty property value means no class is accessible."
Previously, if "hsqldb.method_class_names" was not set, **THEN ALL METHODS WERE** available which is now the opposite. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com