VYPR
High severityNVD Advisory· Published Mar 20, 2025· Updated Mar 20, 2025

Denial of Service in h2oai/h2o-3

CVE-2024-8062

Description

A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a HEAD request to verify the existence of a specified resource without setting a timeout. An attacker can exploit this by sending multiple requests to an attacker-controlled server that hangs, causing the application to block and become unresponsive to other requests.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
h2oPyPI
>= 3.2.0.1, <= 3.46.0
ai.h2o:h2o-coreMaven
>= 3.2.0.1, <= 3.46.0

Affected products

3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.