Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/05/18 7:59 p.m.11 views

CVE-2026-8750

A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. Th...

7.5CVSS5.8AI score0.00497EPSS
Exploits0References1
NVD
NVD
added 2026/05/17 11:16 a.m.28 views

CVE-2026-8750

A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. Th...

7.5CVSS0.00497EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/17 10:45 a.m.20 views

CVE-2026-8750

A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. Th...

6.9CVSS5.8AI score0.00497EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/03/20 10:15 a.m.5 views

CVE-2024-7768

A vulnerability in the /3/ImportFiles endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, path, which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually...

7.5CVSS7AI score0.00727EPSS
Exploits1References1
GitLab Advisory Database
GitLab Advisory Database
added 2025/03/20 12:0 a.m.15 views

H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint

A vulnerability in the /3/ImportFiles endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, path, which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually...

7.5CVSS6.7AI score0.00727EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.6 views

H2O 资源管理错误漏洞

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A resource management error vulnerability exists in H2O version 3.46.1, which stems from mishandling of the /3/ImportFiles endpoint and could lead to a denial of service...

7.5CVSS7.3AI score0.00727EPSS
Exploits1References1
OSV
OSV
added 2023/11/16 6:30 p.m.3 views

GHSA-6MV8-95X5-XCQ9 H2O local file inclusion vulnerability

A Local File Inclusion LFI vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...

9.3CVSS6.1AI score0.0434EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2023/11/16 6:30 p.m.45 views

H2O local file inclusion vulnerability

A Local File Inclusion LFI vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...

9.3CVSS9.2AI score0.0434EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2023/11/16 5:15 p.m.41 views

CVE-2023-6038

A Local File Inclusion LFI vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...

9.3CVSS0.0434EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/11/16 4:6 p.m.17 views

CVE-2023-6038 Local File Inclusion in h2oai/h2o-3

A Local File Inclusion LFI vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...

9.3CVSS7AI score0.0434EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/11/16 4:6 p.m.51 views

CVE-2023-6038 Local File Inclusion in h2oai/h2o-3

A Local File Inclusion LFI vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...

9.3CVSS7.7AI score0.0434EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/11/16 12:0 a.m.5 views

PT-2023-32489 · H2O-3 · H2O-3

Name of the Vulnerable Software and Affected Versions: h2o-3 version 3.40.0.4 Description: A Local File Inclusion LFI issue exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. Th...

9.3CVSS7.3AI score0.0434EPSS
Exploits1References6
Rows per page
Query Builder