PT-2024-36531 · H2O.Ai · H2O-3
Name of the Vulnerable Software and Affected Versions: h2oai/h2o-3 version 3.40.0.4 Description: The issue is caused by an arbitrary system path lookup feature, allowing any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the problem resides in the...