H2 Vulnerability - more amusing than dangerous

Technical Discussion
1

This is sort of a PSA, but more of an amusing response to a CVE from the folks at H2:

https://github.com/advisories/GHSA-22wj-vf5f-wrvj

To save you a click:

NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that."
1 Like
2

When I saw this I laughed.

This vulnerability is in every database CLI tool I’ve ever used: postgres and mysql both have this functionality.

1 Like