2 matches found
GHSA-5W3J-GWGH-4RFV H2O affected by a deserialization vulnerability
A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.7, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...
PT-2025-38661
Name of the Vulnerable Software and Affected Versions h2oai/h2o-3 versions 3.46.0.8 and earlier Description A deserialization issue exists in h2oai/h2o-3 versions 3.46.0.8 and earlier, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability is due to improp...