Security researchers have discovered a serious vulnerability in HyperSQL DataBase (HSQLDB) that poses a remote code execution (RCE) risk.
HSQLDB is a Java-based SQL relational database system. The technology – which is the second most popular embedded SQL database with 100 million downloads to date – is used for development, testing, and deployment of database applications.
HSQLDB is used by more than 3,120 Maven packages, including LibreOffice, JBoss, Log4j, Hibernate, and Spring-Boot, as well as various enterprise software packages.
Security researchers from Code Intelligence discovered the RCE vulnerability (tracked as CVE-2022-41853 and rated with a near-maximum CVSS severity score of 9.8) after running a series of fuzzing tests.