Exposure of Sensitive Information via Arbitrary System Path Lookup in h2oai/h2o-3
Description
In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead API call, which when requested with a typeahead lookup of '/', exposes the root filesystem including directories such as /home, /usr, /bin, among others. This vulnerability could allow attackers to explore the entire filesystem, and when combined with a Local File Inclusion (LFI) vulnerability, could make exploitation of the server trivial.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2024-5550 exposes the entire server filesystem via H2O-3's Typeahead API, allowing remote attackers to discover system paths without authentication.
Vulnerability
Overview
CVE-2024-5550 is an information disclosure vulnerability in h2oai/h2o-3 version 3.40.0.4. The root cause is the Typeahead API's file-path lookup, which completes arbitrary system paths instead of being confined to a data directory [1][2]. When a remote user sends a typeahead lookup for '/', the API answers with the root filesystem listing, including directories such as /home, /usr and /bin. The call performs no authentication or authorization check, so the listing is reachable from the network without any prior access [2].
Exploitation
An attacker exploits the flaw with a single HTTP request to the Typeahead API endpoint carrying the lookup value '/'. The server answers with the entries of the root filesystem, and further lookups of the returned prefixes walk the rest of the tree, which is what the advisory means by exploring the entire filesystem [2]. No privileges or prior knowledge of the host are required, and the lookups are easy to script. What is disclosed is path names, not file contents.
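The lookup described above, as an added example that is not code from the advisory or the H2O-3 project: a small checker that performs the '/' lookup against an instance and classifies the reply. The page does not name the route or the reply format, so the example assumes the H2O-3 REST route `GET /3/Typeahead/files?src=...&limit=...` with the candidate paths returned in a JSON `matches` list; the sample reply embedded for offline use is constructed, not captured.

```python
"""Added example (not part of the advisory or H2O-3): check an H2O-3
instance for the CVE-2024-5550 root-listing disclosure.

Assumptions (not stated on the page): the Typeahead REST route is
GET /3/Typeahead/files?src=<prefix>&limit=<n> and the JSON reply carries
the candidate paths in a "matches" list. Adjust if your build differs.
"""
import json
import urllib.error
import urllib.parse
import urllib.request

# Directories that only exist at the root of a Unix filesystem; seeing any
# of them in a typeahead reply for "/" means the listing is the real root.
ROOT_MARKERS = {"/bin", "/etc", "/home", "/usr", "/var"}


def typeahead_url(base_url: str, src: str = "/", limit: int = 100) -> str:
    """Build the lookup URL for a given prefix (assumed route, see above)."""
    query = urllib.parse.urlencode({"src": src, "limit": limit})
    return f"{base_url.rstrip('/')}/3/Typeahead/files?{query}"


def root_paths_disclosed(body: str) -> set:
    """Return the root-level entries disclosed in a typeahead reply body.

    Tolerates non-JSON bodies and a missing or malformed "matches" key, so a
    proxied or hardened endpoint (403 page, empty reply) reports nothing.
    """
    try:
        payload = json.loads(body)
    except ValueError:
        return set()
    matches = payload.get("matches") if isinstance(payload, dict) else None
    if not isinstance(matches, list):
        return set()
    # Normalise trailing slashes so "/home/" and "/home" compare equal.
    normalised = {m.rstrip("/") or "/" for m in matches if isinstance(m, str)}
    return normalised & ROOT_MARKERS


def is_exposed(base_url: str, timeout: float = 5.0) -> bool:
    """Perform the lookup of '/' and report whether the root is listed.

    A 4xx/5xx from a proxy counts as "not exposed"; a connection failure
    (URLError) is deliberately left to propagate, since it says nothing
    about the endpoint itself.
    """
    req = urllib.request.Request(typeahead_url(base_url), method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as e:
        body = e.read().decode("utf-8", errors="replace")
    return bool(root_paths_disclosed(body))


# Constructed sample replies (not captured from a real server) in the
# assumed shape, so the classifier can be exercised offline.
SAMPLE_EXPOSED = json.dumps({"src": "/", "limit": 100,
                             "matches": ["/bin", "/boot", "/etc", "/home",
                                         "/usr", "/var"]})
SAMPLE_BLOCKED = "<html><body>403 Forbidden</body></html>"

if __name__ == "__main__":
    import sys
    print("offline sample:", sorted(root_paths_disclosed(SAMPLE_EXPOSED)))
    if len(sys.argv) > 1:
        target = sys.argv[1]
        print(target, "exposed" if is_exposed(target) else "not exposed")
```

Run it with the base URL of an instance (`python check.py http://host:54321`) from the network position you want to verify; a hardened deployment should report "not exposed" from anywhere outside the trusted client set.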
Impact
The immediate impact is disclosure of the host's directory layout, which lets an attacker map the server environment without guessing paths. The advisory adds that this becomes far more serious when chained with a Local File Inclusion (LFI) vulnerability [2]: with exact paths in hand, an attacker can aim LFI payloads directly at configuration files, credential stores or application source rather than probing blindly. The LFI is a separate weakness; CVE-2024-5550 on its own discloses names, not contents.
Mitigation
At the time of publication, no patch has been released for CVE-2024-5550; the affected version is 3.40.0.4 and no patched version is listed. Users should watch the official H2O-3 GitHub repository [1] for updates. As a workaround, administrators can restrict network access to the Typeahead API endpoint with firewall rules or a reverse proxy so that only trusted clients can reach it. Because the lookup is described as a feature of the product rather than a stray debug endpoint [2], an allowlist of trusted clients is a safer choice than removing the endpoint outright, and access-log monitoring for lookups of absolute paths gives an audit trail while the restriction is in place.
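The monitoring half of the workaround above, as an added example that is not code from the advisory or the H2O-3 project: a detector that reads reverse-proxy access logs and flags Typeahead lookups of absolute paths, rating them by whether the client was on the allowlist and whether the request was actually served. The page names neither the route nor a log format, so the example assumes the nginx/Apache combined log format and the H2O-3 route `/3/Typeahead/files` with the prefix in the `src` query parameter; the `10.0.0.0/8` allowlist and the log lines are constructed for the example.

```python
"""Added example (not H2O-3 or advisory code): spot CVE-2024-5550 lookups in
reverse-proxy access logs while the Typeahead endpoint is only restricted,
not patched.

Assumptions not stated on the page: logs are in the nginx/Apache combined
format, the Typeahead route is GET /3/Typeahead/files with the looked-up
prefix in the "src" query parameter, and the trusted-client allowlist below
is hypothetical.
"""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
TYPEAHEAD_PATH = "/3/Typeahead/files"                 # assumed route
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # hypothetical allowlist


def parse_line(line):
    """Split one combined-format line into its fields, or None if malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def typeahead_src(target):
    """Return the decoded 'src' prefix when the request targets the typeahead
    route, otherwise None. parse_qs already percent-decodes the value."""
    parts = urlsplit(target)
    if parts.path != TYPEAHEAD_PATH:
        return None
    return parse_qs(parts.query).get("src", [""])[0]


def is_trusted(ip):
    """True when the client address falls inside the allowlist."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def assess(line):
    """Classify one log line. Returns a finding dict, or None when the line
    is malformed or does not touch the typeahead route."""
    rec = parse_line(line)
    if rec is None:
        return None
    src = typeahead_src(rec["target"])
    if src is None:
        return None
    trusted = is_trusted(rec["ip"])
    served = rec["status"].startswith("2")
    absolute = src.startswith("/")  # '/' or any absolute prefix walks the host filesystem
    if absolute and served and not trusted:
        severity = "high"    # untrusted client received a listing
    elif absolute and not trusted:
        severity = "medium"  # attempt from outside the allowlist was refused
    elif absolute:
        severity = "low"     # allowed client, still worth an audit trail
    else:
        severity = "info"    # relative prefix, ordinary file-picker use
    return {"ip": rec["ip"], "src": src, "status": rec["status"],
            "trusted": trusted, "severity": severity}


def scan(lines):
    """Return the findings for every line that hits the typeahead route."""
    return [f for f in (assess(line) for line in lines) if f is not None]


# Constructed sample log lines (not captured from a real deployment).
SAMPLE_LOG = [
    '203.0.113.7 - - [20/May/2026:10:01:02 +0000] "GET /3/Typeahead/files?src=%2F&limit=1000 HTTP/1.1" 200 412 "-" "curl/8.5.0"',
    '203.0.113.7 - - [20/May/2026:10:01:03 +0000] "GET /3/Typeahead/files?src=%2Fhome%2F&limit=1000 HTTP/1.1" 403 153 "-" "curl/8.5.0"',
    '10.1.2.3 - - [20/May/2026:10:02:00 +0000] "GET /3/Typeahead/files?src=data%2Ftrain.csv&limit=100 HTTP/1.1" 200 88 "-" "python-requests/2.31"',
    '10.1.2.3 - - [20/May/2026:10:02:05 +0000] "GET /3/Cloud HTTP/1.1" 200 1200 "-" "python-requests/2.31"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "high" finding means the proxy restriction is not doing its job: an address outside the allowlist received a 2xx for an absolute-path lookup. "medium" findings are the expected signal once the restriction works, and a burst of them from one address is reconnaissance worth correlating with other requests from that client.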
[1] GitHub - h2oai/h2o-3: H2O is an Open Source, Distributed, Fast & Scalable Machine Learning Platform
[2] NVD - CVE-2024-5550
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| h2o (PyPI) | <= 3.40.0.4 | — |
Affected products
- h2oai/h2o-3 (version range: unspecified)
Patches
No patches discovered yet.