Denial of Service in h2oai/h2o-3
Description
A vulnerability in the /3/ImportFiles endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, path, which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually filling up the request queue and leaving the server unable to handle other requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A denial of service vulnerability in H2O-3's /3/ImportFiles endpoint allows an attacker to exhaust the server request queue by recursively setting the path parameter.
Vulnerability Overview
The /3/ImportFiles endpoint in h2oai/h2o-3 version 3.46.1 contains a vulnerability that can be exploited to cause a denial of service [1][2]. The endpoint accepts a single GET parameter, path, and processes it to import files. The flaw lies in the endpoint's handling of the path parameter, which can be set to reference the endpoint itself recursively [2].
Exploitation Details
An attacker can exploit this by crafting a GET request to /3/ImportFiles where the path parameter is set to a value that causes the server to call its own endpoint repeatedly [2]. As the description indicates, setting path to reference itself leads the server to recursively invoke the ImportFiles handler, generating an endless chain of internal requests. This does not require authentication, making it exploitable by any remote attacker who can reach the server [2].
The relevant source code is located in h2o-core/src/main/java/water/api/ImportFilesHandler.java [3]. The handler's implementation does not prevent recursive or self-referential path values, allowing an attacker to trigger uncontrolled recursion.
Impact
The immediate impact is denial of service: the recursive requests fill up the server's request queue, exhausting resources and preventing the server from handling legitimate user requests [2]. This can render the H2O-3 instance unavailable for machine learning tasks and other operations until the queue is cleared or the server is restarted.
Mitigation Status
As of the publication date, no patch or workaround has been mentioned in the provided references. Users are advised to restrict network access to the /3/ImportFiles endpoint or apply input validation to prevent recursive path references [2]. The vulnerability is under review and may be addressed in future releases.
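The input-validation check the mitigation note above recommends, together with the self-referential request chain described under Exploitation Details, as an added example that is not h2o-3's own code: a validation gate that refuses any path value pointing back at this node's /3/ImportFiles endpoint, and a scan over access-log lines that flags requests already carrying such a value. The hostnames, the port 54321 and the log lines are constructed for the example, and the assumption that the handler fetches http(s) URLs given as path is not stated in the advisory.

```python
"""
Defensive check for self-referential ImportFiles paths.

Example code added here; it is not h2o-3's code. It assumes (not stated in
the advisory) that the handler fetches any http(s) URL given as `path`, so a
value pointing at this server's own /3/ImportFiles re-enters the handler.
Hostnames, ports and log lines below are constructed for the example.
"""
import re
from urllib.parse import urlparse, parse_qs

SELF_ENDPOINT = "/3/ImportFiles"
# Names this node is reachable under (constructed example values).
LOCAL_HOSTS = {"localhost", "127.0.0.1", "h2o.internal"}


def nesting_depth(path: str, max_depth: int = 16) -> int:
    """Count how many times `path` nests another http(s) URL inside its own
    `path=` query parameter. A plain file or s3 path has depth 0; a value
    built to feed the endpoint back into itself has depth >= 1."""
    depth = 0
    current = path
    while depth < max_depth:
        u = urlparse(current)
        if u.scheme not in ("http", "https"):
            break
        nested = parse_qs(u.query).get("path")
        if not nested:
            break
        depth += 1
        current = nested[0]
    return depth


def is_self_referential(path: str, local_hosts=LOCAL_HOSTS) -> bool:
    """True if `path` is an http(s) URL aimed at this node's own ImportFiles
    endpoint, i.e. importing it would invoke the handler again."""
    u = urlparse(path)
    if u.scheme not in ("http", "https"):
        return False  # local files, hdfs://, s3:// etc. cannot re-enter the handler
    host = (u.hostname or "").lower()
    return host in local_hosts and u.path.rstrip("/") == SELF_ENDPOINT


def validate_import_path(path: str, local_hosts=LOCAL_HOSTS) -> str:
    """Validation gate to run before any fetch: rejects self-referential
    values and returns the path unchanged otherwise."""
    if is_self_referential(path, local_hosts):
        raise ValueError("path must not reference this server's ImportFiles endpoint")
    return path


# Detection side: scan access-log lines for requests carrying such a path.
REQUEST_RE = re.compile(r'"GET (?P<url>\S+) HTTP/')

# Constructed sample access-log lines (Combined Log Format style).
SAMPLE_LOG = [
    '10.0.0.5 - - [20/May/2026:10:00:01 +0000] "GET /3/ImportFiles?path=s3://bucket/train.csv HTTP/1.1" 200 512',
    '10.0.0.9 - - [20/May/2026:10:00:02 +0000] "GET /3/ImportFiles?path=http%3A%2F%2Fh2o.internal%3A54321%2F3%2FImportFiles%3Fpath%3Dhttp%3A%2F%2Fh2o.internal%3A54321%2F3%2FImportFiles HTTP/1.1" 200 64',
    '10.0.0.5 - - [20/May/2026:10:00:03 +0000] "GET /3/Frames HTTP/1.1" 200 2048',
    '10.0.0.9 - - [20/May/2026:10:00:04 +0000] "GET /3/ImportFiles?path=http%3A%2F%2Flocalhost%3A54321%2F3%2FImportFiles HTTP/1.1" 200 64',
]


def flag_self_referential_requests(lines, local_hosts=LOCAL_HOSTS):
    """Return (client_ip, decoded path, nesting depth) for each log line whose
    ImportFiles request carries a path that points back at this server."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = urlparse(m.group("url"))
        if target.path != SELF_ENDPOINT:
            continue
        for p in parse_qs(target.query).get("path", []):  # parse_qs percent-decodes
            if is_self_referential(p, local_hosts):
                hits.append((line.split()[0], p, nesting_depth(p)))
    return hits


if __name__ == "__main__":
    for ip, p, depth in flag_self_referential_requests(SAMPLE_LOG):
        print(f"{ip} self-referential import (nesting depth {depth}): {p}")
```

The gate is deliberately narrow: it refuses only URLs that would land back on this node's ImportFiles handler, so legitimate s3://, hdfs:// and remote http(s) imports still pass. The local host set has to include every name and address the node answers on, since a value written against an alias the list lacks would slip through.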
References
- [1] GitHub - h2oai/h2o-3: H2O is an Open Source, Distributed, Fast & Scalable Machine Learning Platform: Deep Learning, Gradient Boosting (GBM) & XGBoost, Random Forest, Generalized Linear Modeling (GLM with Elastic Net), K-Means, PCA, Generalized Additive Models (GAM), RuleFit, Support Vector Machine (SVM), Stacked Ensembles, Automatic Machine Learning (AutoML), etc.
- [2] NVD - CVE-2024-7768
- [3] h2o-3/h2o-core/src/main/java/water/api/ImportFilesHandler.java at 7d418fa19d3ab434f742818e37f891bef9102c97 · h2oai/h2o-3
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| h2o | PyPI | <= 3.46.1 | — |
| ai.h2o:h2o-core | Maven | <= 3.46.1 | — |
Affected products (4)
- GHSA coordinates: 2 versions, <= 3.46.1 (+1 more)
- (no CPE) range: <= 3.46.1
- (no CPE) range: <= 3.46.1
- h2oai/h2oai/h2o-3 (v5) range: unspecified
Patches
No patches discovered yet.