Maven package
ai.h2o/h2o-ext-xgboost
pkg:maven/ai.h2o/h2o-ext-xgboost
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-10572 | — | >= 3.34.0.1, <= 3.46.0.1 | — | Mar 20, 2025 | In h2oai/h2o-3 version 3.46.0.1, the `run_tool` command exposes classes in the `water.tools` package through the `ast` parser. This includes the `XGBoostLibExtractTool` class, which can be exploited to shut down the server and write large files to arbitrary directories, leading t |
- CVE-2024-10572Mar 20, 2025affected >= 3.34.0.1, <= 3.46.0.1
In h2oai/h2o-3 version 3.46.0.1, the `run_tool` command exposes classes in the `water.tools` package through the `ast` parser. This includes the `XGBoostLibExtractTool` class, which can be exploited to shut down the server and write large files to arbitrary directories, leading t