Lucene search
+L

8 matches found

redhatcve
redhatcve
added 2025/03/22 11:44 a.m.14 views

CVE-2024-6854

In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the target server with a...

7.1CVSS6.7AI score0.00693EPSS
Exploits1References1
vulnersosv
vulnersosv
added 2025/03/20 12:32 p.m.4 views

fluoriclogppka (>=0.1.0 <=0.2.7) potentially affected by CVE-2024-6854 via h2o (=3.44.0.3)

h2o PYPI version =3.44.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on h2o and may be impacted: - fluoriclogppka =0.1.0, =0.2.7 Source cves: CVE-2024-6854 Source advisory: OSV:GHSA-47F6-5P7H-5F3H...

7.1CVSS7AI score0.00693EPSS
Exploits1
vulnersosv
vulnersosv
added 2025/03/20 12:32 p.m.11 views

ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.46.0.11), ai.h2o:h2o-algos (>=0.1.9 <=3.46.0.11) +49 more potentially affected by CVE-2024-6854 via ai.h2o:h2o-core (>=0.1.10 <=3.8.3.4)

ai.h2o:h2o-core MAVEN version =0.1.10, =3.34.0.1, =0.1.9, =0.1.9, =3.12.0.1, =3.8.2.4, =3.14.0.7, =3.16.0.1, =3.14.0.1, =3.24.0.1, =3.30.1.1, =3.26.0.4, =3.10.5.1, =3.24.0.1, =3.30.0.1, =3.34.0.3, =3.46.0.11 and more Source cves: CVE-2024-6854 Source advisory: SNYK:JAVA-AIH2O-9486740...

7.1CVSS7AI score0.00693EPSS
Exploits1
nvd
nvd
added 2025/03/20 10:15 a.m.12 views

CVE-2024-6854

In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the target server with a...

7.1CVSS0.00693EPSS
Exploits1References1
cvelist
cvelist
added 2025/03/20 10:9 a.m.12 views

CVE-2024-6854 Arbitrary File Overwrite in h2oai/h2o-3

In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the target server with a...

7.1CVSS0.00693EPSS
Exploits1References1
cve
cve
added 2025/03/20 10:9 a.m.74 views

CVE-2024-6854

CVE-2024-6854 affects h2oai/h2o-3 (v3.46.0). The export-model endpoint does not restrict the destination path, enabling an attacker to export a model to arbitrary locations on the server’s filesystem and overwrite files. The overwrite target content is not controllable by the attacker, but the at...

7.1CVSS6.9AI score0.00693EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2025/03/20 10:9 a.m.9 views

CVE-2024-6854 Arbitrary File Overwrite in h2oai/h2o-3

In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the target server with a...

7.1CVSS6.9AI score0.00693EPSS
Exploits1References1
nessus
nessus
added 2024/12/16 12:0 a.m.14 views

H2O-3 Arbitrary File Overwrite (CVE-2024-6854)

An arbitrary file overwrite vulnerability exists in H2O-3. The endpoint that allows for exporting models & does not limit where models can be exported to. As such an attacker can export a model to any file in the server file structure, overwriting it, by simply using the force flag. Note that...

7.1CVSS7.1AI score0.00693EPSS
Exploits1References3
Rows per page
Query Builder