Lucene search

GoogleOSV:GHSA-GQRQ-J6PM-98C2

HistoryDec 14, 2023 - 3:30 p.m.

External Control of File Name or Path in h2oai/h2o-3

2023-12-1415:30:22

Google

osv.dev

external control

file name path

security vulnerability

unauthenticated attack

attacker controllable data

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

7.3 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Remote unauthenticated attackers can overwrite arbitrary server files with attacker-controllable data. The data that the attacker can control is not entirely arbitrary. h2o writes a CSV/XLS/etc file to disk, so the attacker data is wrapped in quotations and starts with “C1”, if they’re exporting as CSV.

CPENameOperatorVersion
h2oeq3.18.0.11
h2oeq3.26.0.11
h2oeq3.16.0.3
h2oeq3.30.0.7
h2oeq3.32.0.2
h2oeq3.24.0.3
h2oeq3.32.0.5
h2oeq3.22.1.2
h2oeq3.40.0.1
h2oeq3.38.0.2

Name	Operator	Version
h2o	eq	3.18.0.11
h2o	eq	3.26.0.11
h2o	eq	3.16.0.3
h2o	eq	3.30.0.7
h2o	eq	3.32.0.2
h2o	eq	3.24.0.3
h2o	eq	3.32.0.5
h2o	eq	3.22.1.2
h2o	eq	3.40.0.1
h2o	eq	3.38.0.2

Rows per page:

1-10 of 1101

References

github.com/h2oai/h2o-3

huntr.com/bounties/a5d003dc-c23e-4c98-8dcf-35ba9252fa3c

nvd.nist.gov/vuln/detail/CVE-2023-6569

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

7.3 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for OSV:GHSA-GQRQ-J6PM-98C2