VYPR
Critical severity · NVD Advisory · Published Nov 16, 2023 · Updated Aug 29, 2024

Local File Inclusion in h2oai/h2o-3

CVE-2023-6038

Description

A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. The vulnerability can be exploited by making specific GET or POST requests to the ImportFiles and ParseSetup endpoints, respectively. This issue was identified in version 3.40.0.4 of h2o-3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unauthenticated LFI in H2O-3 REST API allows remote attackers to read arbitrary server files via ImportFiles and ParseSetup endpoints.

Vulnerability

Overview

CVE-2023-6038 describes a Local File Inclusion (LFI) vulnerability in the H2O-3 REST API. The root cause lies in insufficient input validation when handling file paths in the ImportFiles and ParseSetup endpoints. An unauthenticated attacker can manipulate parameters in GET or POST requests to these endpoints to include arbitrary files from the server's filesystem [1][2].

Exploitation

The attack surface is the REST API exposed by a default installation of H2O-3 version 3.40.0.4. No authentication or user interaction is required; a remote attacker simply sends crafted requests to the vulnerable endpoints. The vulnerability is exploitable in a default deployment without any special configuration [2][3].

Impact

Successful exploitation allows the attacker to read any file on the server that the H2O-3 process has permission to access. This could expose sensitive configuration files, credentials, source code, or data loaded into the H2O-3 instance, leading to information disclosure and potentially further compromise of the environment [2][3].

Mitigation

As of the publication date, the vulnerability was identified in H2O-3 version 3.40.0.4. Users should update to a patched version as soon as it becomes available. No workaround is documented; restricting network access to the REST API may reduce risk but does not eliminate the vulnerability [2][3].
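The root cause described above is a file path built from a client-supplied value without checking where the result lands. As an added illustration (not h2o-3's code; the function names, directory layout and file names are hypothetical and constructed in a temporary directory), the weak join-and-trust pattern sits beside a hardened resolver that canonicalises the path and rejects anything outside an allow-listed import root, including symlinks that point out of it:

```python
import os
import tempfile
from pathlib import Path

def resolve_unchecked(import_root: str, requested: str) -> str:
    """Weak pattern: join the client path and trust it. '..' segments walk out of
    the root, and an absolute `requested` makes os.path.join drop the root entirely."""
    return os.path.normpath(os.path.join(import_root, requested))

def resolve_contained(import_root: str, requested: str) -> str:
    """Hardened pattern: canonicalise ('..' and symlinks included), then require
    the result to stay inside the allow-listed import root."""
    root = Path(import_root).resolve(strict=True)
    candidate = (root / requested).resolve()  # an absolute `requested` replaces root here
    try:
        candidate.relative_to(root)  # ValueError when candidate is outside root
    except ValueError:
        raise PermissionError(f"path escapes import root: {requested!r}") from None
    if not candidate.is_file():
        raise FileNotFoundError(requested)
    return str(candidate)

def rejected(import_root: str, requested: str) -> bool:
    """True when the hardened resolver refuses the requested path."""
    try:
        resolve_contained(import_root, requested)
    except PermissionError:
        return True
    return False

def demo() -> dict:
    """Constructed layout: one dataset inside the import root, one file outside it,
    and a symlink inside the root pointing outside (all created here, hypothetical)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "imports")
        os.makedirs(root)
        Path(root, "train.csv").write_text("a,b\n1,2\n")
        outside = os.path.join(tmp, "outside.txt")
        Path(outside).write_text("not for API clients\n")
        os.symlink(outside, os.path.join(root, "link"))
        return {
            "unchecked_escapes": not resolve_unchecked(root, "../outside.txt").startswith(root + os.sep),
            "contained_allows_dataset": resolve_contained(root, "train.csv").endswith("train.csv"),
            "contained_blocks_traversal": rejected(root, "../outside.txt"),
            "contained_blocks_absolute": rejected(root, outside),
            "contained_blocks_symlink": rejected(root, "link"),
        }

print(demo())
```

The same containment check belongs on every endpoint that turns a request parameter into a filesystem path, not only the one that was reported.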

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: ai.h2o:h2o-core (Maven)
Affected versions: <= 3.40.0.4
Patched versions: none listed

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 3

News mentions: 0 (no linked articles in our index yet)