Lucene search
K

16 matches found

NVD
NVD
added 2026/04/23 10:16 a.m.5 views

CVE-2026-3960

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

9.8CVSS0.00938EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/02 10:36 a.m.6 views

EUVD-2024-55393

A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the...

9.1CVSS6.6AI score0.00629EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/02 10:36 a.m.6 views

CVE-2024-5986 Remote Arbitrary File Write with Arbitrary Data in h2oai/h2o-3

A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the...

9.1CVSS6.6AI score0.00629EPSS
Exploits0References1
CVE
CVE
added 2026/02/02 10:36 a.m.21 views

CVE-2024-5986

CVE-2024-5986 affects h2oai/h2o-3 in version 3.46.0.1, where remote attackers can write arbitrary data to any file on the server by abusing the /3/Parse endpoint to inject data as the header of an empty file, then exporting it via /3/Frames/framename/export. This can lead to remote code execution...

9.1CVSS6.6AI score0.00629EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.8 views

PT-2026-5651

Name of the Vulnerable Software and Affected Versions h2o-3 version 3.46.0.1 Description A flaw exists in h2o-3 that permits remote attackers to write arbitrary data to any file on the server. The issue is due to exploiting the /3/Parse API endpoint to inject attacker-controlled data as the heade...

9.1CVSS9.1AI score0.00629EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2024-1927

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00787EPSS
Exploits1References3
CVE
CVE
added 2025/09/21 9:0 a.m.25 views

CVE-2025-6544

CVE-2025-6544 affects h2oai/h2o-3 up to version 3.46.0.8. The issue is a deserialization vulnerability that enables an attacker to read arbitrary system files and execute arbitrary code. Root cause: improper handling of JDBC connection parameters, exploitable via bypassing regular expression chec...

9.8CVSS9.5AI score0.00839EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2025/03/27 6:56 a.m.5 views

Deserialization Of Untrusted Data

H2O-3 is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe deserialization due to user-controlled JDBC URLs being passed to DriverManager.getConnection, which can trigger deserialization of untrusted data when MySQL or PostgreSQL drivers are available in the...

9.8CVSS7.1AI score0.01441EPSS
Exploits1References4Affected Software2
RedhatCVE
RedhatCVE
added 2025/03/22 12:12 p.m.7 views

CVE-2024-10550

A vulnerability in the /3/ParseSetup endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service DoS attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular expression complexity,...

7.5CVSS6.8AI score0.00588EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 12:32 p.m.4 views

GHSA-WJPV-64V2-2QPQ H2O Vulnerable to Denial of Service (DoS) and File Write

In h2oai/h2o-3 version 3.46.0.1, the runtool command exposes classes in the water.tools package through the ast parser. This includes the XGBoostLibExtractTool class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service...

7.5CVSS5.9AI score0.00636EPSS
Exploits1References4
NVD
NVD
added 2025/03/20 10:15 a.m.4 views

CVE-2024-10572

In h2oai/h2o-3 version 3.46.0.1, the runtool command exposes classes in the water.tools package through the ast parser. This includes the XGBoostLibExtractTool class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service...

7.5CVSS0.00636EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.7 views

CVE-2024-10550

A vulnerability in the /3/ParseSetup endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service DoS attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular expression complexity,...

7.5CVSS0.00588EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:10 a.m.59 views

CVE-2024-8616

CVE-2024-8616 affects h2oai/h2o-3 v3.46.0. The flaw resides in the /99/Models/{name}/json handler where user-controllable exportModelDetails uses the mexport.dir parameter to choose the file path, enabling arbitrary file overwrite on the host. This is due to inadequate validation in the underlyin...

8.2CVSS8.2AI score0.00514EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/03/20 10:9 a.m.53 views

CVE-2024-10572

CVE-2024-10572 affects h2oai/h2o-3 (v3.46.0.1). The vulnerability arises because the run_tool feature exposes classes in the water.tools package via the AST parser, enabling the XGBoostLibExtractTool . This can be exploited to shut down the server and write large files to arbitrary directories, r...

7.5CVSS7.7AI score0.00636EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.6 views

PT-2025-12048 · H2O.Ai · H2O-3

Name of the Vulnerable Software and Affected Versions: h2oai/h2o-3 version 3.46.0.1 Description: The run tool command exposes classes in the water.tools package through the ast parser. This includes the XGBoostLibExtractTool class, which can be exploited to shut down the server and write large...

7.5CVSS7.5AI score0.00636EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2024/12/16 12:0 a.m.12 views

H2O-3 Arbitrary File Overwrite (CVE-2024-6854)

An arbitrary file overwrite vulnerability exists in H2O-3. The endpoint that allows for exporting models & does not limit where models can be exported to. As such an attacker can export a model to any file in the server file structure, overwriting it, by simply using the force flag. Note that...

7.1CVSS7.1AI score0.00693EPSS
Exploits1References3
Rows per page
Query Builder