7 matches found
CVE-2024-7768
A vulnerability in the /3/ImportFiles endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, path, which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually...
H2O 资源管理错误漏洞
H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A resource management error vulnerability exists in H2O version 3.46.1, which stems from mishandling of the /3/ImportFiles endpoint and could lead to a denial of service...
H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint
A vulnerability in the /3/ImportFiles endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, path, which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually...
H2O local file inclusion vulnerability
A Local File Inclusion LFI vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...
CVE-2023-6038 Local File Inclusion in h2oai/h2o-3
A Local File Inclusion LFI vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...
CVE-2023-6038 Local File Inclusion in h2oai/h2o-3
A Local File Inclusion LFI vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...
PT-2023-32489 · H2O-3 · H2O-3
Name of the Vulnerable Software and Affected Versions: h2o-3 version 3.40.0.4 Description: A Local File Inclusion LFI issue exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. Th...