47 matches found
H2O Code Injection Vulnerability
H2O is an open-source in-memory platform for distributed, scalable machine learning developed by H2O.ai. H2O versions 3.46.0.9 and earlier contain a code injection vulnerability that stems from insufficient security controls in the parameter blacklist mechanism. Attackers could...
fluoriclogppka (>=0.1.0 <=0.2.7), h2o-wave-ml (>=0.3.0 <=0.5.0) +3 more potentially affected by CVE-2024-5986 via h2o (>=3.18.0.8 <=3.44.0.3)
h2o PYPI version =3.18.0.8, =0.1.0, =0.3.0, =0.4.5, =0.0.1, =0.0.102 - tsanalysis =0.1.0 Source cves: CVE-2024-5986 Source advisory: OSV:GHSA-WJ3H-WX8G-X699...
H2O has an External Control of File Name or Path vulnerability
A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the...
CVE-2022-35894
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure...
Ubuntu 20.04 LTS / 22.04 LTS : H2O vulnerability (USN-7892-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7892-1 advisory. It was discovered that H2O exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issue to cause H2O to...
USN-7892-1: H2O vulnerability
It was discovered that H2O exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issue to cause H2O to crash, resulting in a denial of service...
USN-7892-1 h2o vulnerability
It was discovered that H2O exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issue to cause H2O to crash, resulting in a denial of service...
EUVD-2017-2547
Malware in sbrugna...
EUVD-2018-1418
Malware in sbrugna...
EUVD-2017-2508
Malware in sbrugna...
EUVD-2016-2237
Malware in sbrugna...
EUVD-2016-5799
Malware in sbrugna...
amlr (>=0.3.6 <=0.4.1), arsa-ml (>=0.1.0 <=0.1.13) +29 more potentially affected by CVE-2025-6544 via h2o (>=3.18.0.8 <=3.46.0.7)
h2o PYPI version =3.18.0.8, =0.3.6, =0.1.0, =0.0.92, =1.0.81, =2019.9.10.14.39.5, =1.0.1, =0.1.20, =0.1.0, =0.1.2, =0.3.2, =0.3.0, =1.0.1.1.4, =0.4.0.dev3, =0.1.0, =3.0.1, =5.4.1 and more Source cves: CVE-2025-6544 Source advisory: OSV:GHSA-5W3J-GWGH-4RFV...
H2O Code Issue Vulnerability
H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A code issue vulnerability exists in H2O version 3.47.0.99999, which stems from a deserialization issue that could lead to arbitrary code execution and system file reads...
Linux Distros Unpatched Vulnerability : CVE-2023-41337
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or...
CVE-2023-6013
H2O is vulnerable to a stored XSS vulnerability, which can lead to a Local File Include attack...
USN-7469-4: H2O vulnerability
USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update provides the corresponding updates for H2O. Original advisory details: It was discovered that Apache Traffic Server exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issue to...
GHSA-G48V-3P35-88JR H2O Vulnerable to Arbitrary File Overwrite
In h2oai/h2o-3 version 3.46.0, the /99/Models/name/json endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the exportModelDetails function in ModelsHandler.java, where the user-controllable mexport.dir parameter is used to specify the file path for...
H2O Vulnerable to Arbitrary File Overwrite
In h2oai/h2o-3 version 3.46.0, the /99/Models/name/json endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the exportModelDetails function in ModelsHandler.java, where the user-controllable mexport.dir parameter is used to specify the file path for...
fluoriclogppka (>=0.1.0 <=0.2.7), h2o-wave-ml (>=0.3.0 <=0.5.0) +3 more potentially affected by CVE-2024-8616 via h2o (>=3.18.0.8 <=3.44.0.3)
h2o PYPI version =3.18.0.8, =0.1.0, =0.3.0, =0.4.5, =0.0.1, =0.0.102 - tsanalysis =0.1.0 Source cves: CVE-2024-8616 Source advisory: OSV:GHSA-G48V-3P35-88JR...