{"id":"CVE-2018-14335","details":"An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.","modified":"2026-04-10T04:05:49.047876Z","published":"2018-07-24T13:29:00.603Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e%40%3Cuser.ignite.apache.org%3E"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240726-0003/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2020:0727"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/45105/"},{"type":"EVIDENCE","url":"https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/h2database/h2database","events":[{"introduced":"0"},{"last_affected":"c8a861bb1a3f04967ec40cb5e3336535c43af5fb"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4.197"}]}}],"versions":["version-1.4.188","version-1.4.190","version-1.4.192","version-1.4.193","version-1.4.194","version-1.4.195","version-1.4.197"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14335.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}