Lucene search
K

5 matches found

vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.2 views

fluoriclogppka (>=0.1.0 <=0.2.7) potentially affected by CVE-2024-6863 via h2o (=3.44.0.3)

h2o PYPI version =3.44.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on h2o and may be impacted: - fluoriclogppka =0.1.0, =0.2.7 Source cves: CVE-2024-6863 Source advisory: OSV:GHSA-M37H-8R48-2CXJ...

6.5CVSS6.5AI score0.0033EPSS
Exploits1
NVD
NVD
added 2025/03/20 10:15 a.m.12 views

CVE-2024-6863

In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen key can also be overwritten, resulting in ransomware-like behavior. This vulnerability makes it possible for an attacke...

6.5CVSS0.0033EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:10 a.m.54 views

CVE-2024-6863

CVE-2024-6863 affects h2oai/h2o-3 v3.46.0 through an endpoint exposing a custom EncryptionTool that allows an attacker to encrypt arbitrary files on the target server with a key of their choosing, with the key potentially overwritable and ransomware-like behavior described. The vulnerability’s im...

6.5CVSS6.5AI score0.0033EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.12 views

CVE-2024-6863 Encryption of Arbitrary Files with Attacker-Controlled Key in h2oai/h2o-3

In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen key can also be overwritten, resulting in ransomware-like behavior. This vulnerability makes it possible for an attacke...

6.5CVSS0.0033EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.5 views

CVE-2024-6863 Encryption of Arbitrary Files with Attacker-Controlled Key in h2oai/h2o-3

In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen key can also be overwritten, resulting in ransomware-like behavior. This vulnerability makes it possible for an attacke...

6.5CVSS6.5AI score0.0033EPSS
Exploits1References1
Rows per page
Query Builder