Denial of Service and Arbitrary File Write in h2oai/h2o-3
Description
In h2oai/h2o-3 version 3.46.0.1, the run_tool command exposes classes in the water.tools package through the ast parser. This includes the XGBoostLibExtractTool class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The run_tool command in H2O-3 exposes XGBoostLibExtractTool, allowing remote attackers to shut down the server or write large files, causing denial of service.
Vulnerability Overview
In h2oai/h2o-3 version 3.46.0.1, the run_tool command exposes classes in the water.tools package through the ast parser, including the XGBoostLibExtractTool class [1][2]. This tool is intended for extracting XGBoost libraries but can be misused to shut down the server or write large files to arbitrary directories, leading to denial of service [2].
Exploitation Details
An attacker with network access to the H2O-3 server can invoke the run_tool command without authentication, triggering the XGBoostLibExtractTool [3]. The exploitation does not require any prior knowledge or privileges, making it a critical issue for exposed instances [4].
Impact
Successful exploitation results in denial of service by crashing the server or consuming disk space with large file writes. No data confidentiality or integrity impact is reported [2].
Mitigation
Users should upgrade to a patched version as soon as available, or restrict access to the run_tool command via network segmentation or authentication. Meanwhile, monitor for official advisories from H2O.ai.
- GitHub - h2oai/h2o-3: H2O is an Open Source, Distributed, Fast & Scalable Machine Learning Platform: Deep Learning, Gradient Boosting (GBM) & XGBoost, Random Forest, Generalized Linear Modeling (GLM with Elastic Net), K-Means, PCA, Generalized Additive Models (GAM), RuleFit, Support Vector Machine (SVM), Stacked Ensembles, Automatic Machine Learning (AutoML), etc.
- NVD - CVE-2024-10572
- h2o-3/h2o-extensions/xgboost/src/main/java/water/tools/XGBoostLibExtractTool.java at 5e45e780f597961bda73adff765976db975f204b · h2oai/h2o-3
- The world’s first bug bounty platform for AI/ML
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| h2o | PyPI | >= 3.34.0.1, <= 3.46.0.1 | — |
| ai.h2o:h2o-ext-xgboost | Maven | >= 3.34.0.1, <= 3.46.0.1 | — |
Affected products (4)
- GHSA coordinates, 2 versions: >= 3.34.0.1, <= 3.46.0.1 (+1 more)
- (no CPE) range: >= 3.34.0.1, <= 3.46.0.1
- (no CPE) range: >= 3.34.0.1, <= 3.46.0.1
- h2oai/h2oai/h2o-3 (v5) range: unspecified
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (4)
- github.com/advisories/GHSA-wjpv-64v2-2qpq (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-10572 (ghsa, ADVISORY)
- github.com/h2oai/h2o-3/blob/5e45e780f597961bda73adff765976db975f204b/h2o-extensions/xgboost/src/main/java/water/tools/XGBoostLibExtractTool.java (ghsa, WEB)
- huntr.com/bounties/db8939a0-9be8-4d0f-a8b0-1bd181666da2 (ghsa, WEB)
News mentions (0)
No linked articles in our index yet.