Lucene search

7 matches found

OSV
added 2025/03/20 12:32 p.m. | 1 view

GHSA-7QQ7-PVM9-X8RF H2O Vulnerable to Denial of Service (DoS) via `/3/ParseSetup` Endpoint

A vulnerability in the `/3/ParseSetup` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular expression complexity,...

CVSS 7.5 | AI score 7.1 | EPSS 0.00588
Exploits: 1 | References: 4

GitHub Security Blog
added 2025/03/20 12:32 p.m. | 11 views

H2O Vulnerable to Denial of Service (DoS) via `/3/ParseSetup` Endpoint

A vulnerability in the `/3/ParseSetup` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular expression complexity,...

CVSS 7.5 | AI score 6.7 | EPSS 0.00588
Exploits: 1 | References: 4 | Affected Software: 2

CNNVD
added 2025/03/20 12:0 a.m. | 4 views

H2O Security Vulnerability

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A security vulnerability exists in H2O version 3.46.0.1, which stems from the use of a user-specified regular expression in the /3/ParseSetup endpoint, which could lead to a denial of service...

CVSS 7.5 | AI score 7.4 | EPSS 0.00588
Exploits: 1 | References: 1

GitLab Advisory Database
added 2025/03/20 12:0 a.m. | 9 views

H2O Vulnerable to Denial of Service (DoS) via `/3/ParseSetup` Endpoint

A vulnerability in the `/3/ParseSetup` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular expression complexity,...

CVSS 7.5 | AI score 6.8 | EPSS 0.00588
Exploits: 1 | References: 5 | Affected Software: 1

GitHub Security Blog
added 2023/11/16 6:30 p.m. | 45 views

H2O local file inclusion vulnerability

A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...

CVSS 9.3 | AI score 9.2 | EPSS 0.0434
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2023/11/16 4:6 p.m. | 17 views

CVE-2023-6038 Local File Inclusion in h2oai/h2o-3

A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...

CVSS 9.3 | AI score 7 | EPSS 0.0434
Exploits: 1 | References: 1

Cvelist
added 2023/11/16 4:6 p.m. | 50 views

CVE-2023-6038 Local File Inclusion in h2oai/h2o-3

A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...

CVSS 9.3 | AI score 7.7 | EPSS 0.0434
Exploits: 1 | References: 1