VYPR

Maven package

ai.h2o/h2o-ext-xgboost

pkg:maven/ai.h2o/h2o-ext-xgboost

Vulnerabilities (1)

  • CVE-2024-10572Mar 20, 2025
    affected >= 3.34.0.1, <= 3.46.0.1

    In h2oai/h2o-3 version 3.46.0.1, the `run_tool` command exposes classes in the `water.tools` package through the `ast` parser. This includes the `XGBoostLibExtractTool` class, which can be exploited to shut down the server and write large files to arbitrary directories, leading t