8 matches found
CVE-2024-6854
In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the target server with a...
fluoriclogppka (>=0.1.0 <=0.2.7) potentially affected by CVE-2024-6854 via h2o (=3.44.0.3)
h2o PYPI version =3.44.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on h2o and may be impacted: - fluoriclogppka =0.1.0, =0.2.7 Source cves: CVE-2024-6854 Source advisory: OSV:GHSA-47F6-5P7H-5F3H...
ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.46.0.11), ai.h2o:h2o-algos (>=0.1.9 <=3.46.0.11) +49 more potentially affected by CVE-2024-6854 via ai.h2o:h2o-core (>=0.1.10 <=3.8.3.4)
ai.h2o:h2o-core MAVEN version =0.1.10, =3.34.0.1, =0.1.9, =0.1.9, =3.12.0.1, =3.8.2.4, =3.14.0.7, =3.16.0.1, =3.14.0.1, =3.24.0.1, =3.30.1.1, =3.26.0.4, =3.10.5.1, =3.24.0.1, =3.30.0.1, =3.34.0.3, =3.46.0.11 and more Source cves: CVE-2024-6854 Source advisory: SNYK:JAVA-AIH2O-9486740...
CVE-2024-6854
In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the target server with a...
CVE-2024-6854 Arbitrary File Overwrite in h2oai/h2o-3
In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the target server with a...
CVE-2024-6854
CVE-2024-6854 affects h2oai/h2o-3 (v3.46.0). The export-model endpoint does not restrict the destination path, enabling an attacker to export a model to arbitrary locations on the server’s filesystem and overwrite files. The overwrite target content is not controllable by the attacker, but the at...
CVE-2024-6854 Arbitrary File Overwrite in h2oai/h2o-3
In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the target server with a...
H2O-3 Arbitrary File Overwrite (CVE-2024-6854)
An arbitrary file overwrite vulnerability exists in H2O-3. The endpoint that allows for exporting models & does not limit where models can be exported to. As such an attacker can export a model to any file in the server file structure, overwriting it, by simply using the force flag. Note that...