Lucene search

K

External Control of File Name or Path in h2oai/h2o-3

🗓️ 14 Dec 2023 15:22:30Reported by GitHub Advisory DatabaseType 
github
 github
🔗 github.com👁 18 Views

External Control of File Name or Path in h2oai/h2o-3. Remote unauthenticated attackers can overwrite arbitrary server files with attacker-controllable data. h2o writes a CSV/XLS/etc file to disk, so the attacker data is wrapped in quotations and starts with "C1" if exporting as CSV

Show more
Related
Detection
Refs
ReporterTitlePublishedViews
Family
Prion
Design/Logic Flaw
14 Dec 202313:15
prion
OSV
CVE-2023-6569
14 Dec 202313:15
osv
OSV
External Control of File Name or Path in h2oai/h2o-3
14 Dec 202315:30
osv
CVE
CVE-2023-6569
14 Dec 202313:15
cve
Veracode
External Control Of File Name Or Path
19 Dec 202303:03
veracode
Cvelist
CVE-2023-6569 External Control of File Name or Path in h2oai/h2o-3
14 Dec 202312:59
cvelist
NVD
CVE-2023-6569
14 Dec 202313:15
nvd
Vulners
Node
h2oh2oRange3.44.0.2

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
14 Dec 2023 15:30Current
7.1High risk
Vulners AI Score7.1
EPSS0.001
18
.json
Report