Lucene search
K

6 matches found

OSV
OSV
added 2025/03/20 10:15 a.m.5 views

CVE-2024-7768

A vulnerability in the /3/ImportFiles endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, path, which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually...

7.5CVSS7AI score0.00727EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:11 a.m.8 views

CVE-2024-8062 Denial of Service in h2oai/h2o-3

A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a HEAD request to verify the existence of a specified resource without setting a timeout. An attacker can exploit this by sending multiple requests to an attacker-controll...

7.5CVSS7.5AI score0.00446EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:11 a.m.56 views

CVE-2024-8062

CVE-2024-8062 affects the h2oai/h2o-3 package (version 3.46.0) via the typeahead endpoint. The vulnerability arises when the endpoint uses a HEAD request to verify resource existence without a timeout, which can be exploited by sending many requests to an attacker‑controlled server that hangs, ca...

7.5CVSS7.5AI score0.00446EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.12 views

CVE-2024-10572 Denial of Service and Arbitrary File Write in h2oai/h2o-3

In h2oai/h2o-3 version 3.46.0.1, the runtool command exposes classes in the water.tools package through the ast parser. This includes the XGBoostLibExtractTool class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service...

7.5CVSS0.00636EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.4 views

CVE-2024-10572 Denial of Service and Arbitrary File Write in h2oai/h2o-3

In h2oai/h2o-3 version 3.46.0.1, the runtool command exposes classes in the water.tools package through the ast parser. This includes the XGBoostLibExtractTool class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service...

7.5CVSS7.7AI score0.00636EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:8 a.m.7 views

CVE-2024-7765 Denial of Service in h2oai/h2o-3

In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling...

7.5CVSS7.4AI score0.00719EPSS
Exploits1References1
Rows per page
Query Builder