External Control of File Name or Path in h2oai/h2o-3. Remote unauthenticated attackers can overwrite arbitrary server files with attacker-controllable data. h2o writes a CSV/XLS/etc file to disk, so the attacker data is wrapped in quotations and starts with "C1" if exporting as CSV
Reporter | Title | Published | Views | Family All 7 |
---|---|---|---|---|
Prion | Design/Logic Flaw | 14 Dec 202313:15 | – | prion |
OSV | CVE-2023-6569 | 14 Dec 202313:15 | – | osv |
OSV | External Control of File Name or Path in h2oai/h2o-3 | 14 Dec 202315:30 | – | osv |
CVE | CVE-2023-6569 | 14 Dec 202313:15 | – | cve |
Veracode | External Control Of File Name Or Path | 19 Dec 202303:03 | – | veracode |
Cvelist | CVE-2023-6569 External Control of File Name or Path in h2oai/h2o-3 | 14 Dec 202312:59 | – | cvelist |
NVD | CVE-2023-6569 | 14 Dec 202313:15 | – | nvd |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo