Log4Shell like Critical vulnerability(CVE-2021-42392) in H2 database (keycloak use it as default), is keycloak affected by it?

sunil · January 21, 2022, 12:43pm

Could you please let me know if Keycloak is affected by H2 Log4Sheel like critical vulnerability( CVE-2021-42392 )?

If affected what are the plans for upgrading H2 to the latest non-vulnerable in Keycloak.

lombao · January 27, 2022, 3:59pm

perhjaps this can help

Topic		Replies	Views
Is Keycloak affected by CVE-2022-46364?	0	356	January 16, 2023
Keycloak Log4J 1.2.x vulnerability Configuring the server	0	3048	July 16, 2021
Avoiding Keycloak Security Vulnerabilities Getting advice	2	687	April 26, 2022
What is the impact of CVE-2020-36518 on Keycloak 15.1.1 Securing applications	1	564	May 5, 2022
CVE-2020-1714 remote code execution before Keycloak 11 Getting advice	5	2007	June 10, 2020