3 matches found
CVE-2023-6038
A Local File Inclusion LFI vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...
CVE-2023-6038
creationtimestamp| type| source ---|---|--- 2023-12-23 15:16:30+00:00| seen| https://t.me/arpsyndicate/2138 2026-06-23 14:06:12+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/400078c7-f1f2-4300-ab2c-8ede66cc8682 2026-06-25 10:15:24+00:00| exploited| The...
CVE-2023-6038
CVE-2023-6038 describes a Local File Inclusion in the h2o-3 REST API (ImportFiles and ParseSetup endpoints). An unauthenticated attacker can read arbitrary files on the server with the h2o-3 process’s user permissions. Affected version identified in sources is 3.40.0.4. The issue is severity high...