That allows for Java code injection of remote code execution. There are a number of attack vectors that could be used to exploit the vulnerability, the most severe being through the H2 console.

Researchers warn of critical Java flaw impacting the console of the H2 Java SQL database. Users are advised to update their H2 database to mitigate remote code execution risk.

All H2 users should upgrade to the newest version 2.0.206 which is patched for the flaw Researchers at software company JFrog have uncovered a new vulnerability affecting H2 database consoles that ...

Critical flaw in the H2 open-source Java SQL database are similar to the Log4J vulnerability, but do not pose a widespread threat.