Researchers have warned of a new, critical Java flaw impacting the console of the popular H2 Java SQL database with the same root cause as the Log4Shell vulnerability in Apache Log4j.

Critical flaw in the H2 open-source Java SQL database are similar to the Log4J vulnerability, but do not pose a widespread threat.

That allows for Java code injection of remote code execution. There are a number of attack vectors that could be used to exploit the vulnerability, the most severe being through the H2 console.