CVE-2024-10553
CVE-2024-10553 affects h2oai/h2o-3 REST API 3.46.0.4. The issue lies in endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are passed to DriverManager.getConnection, enabling deserialization of untrusted data if a MySQL or PostgreSQL driver is present i...