PyPI package
h2o
pkg:pypi/h2o
Vulnerabilities (16)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-5986 | Cri | 9.1 | — | <= 3.46.0.1 | — | Feb 2, 2026 | A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the `/3/Parse` endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the `/ |
| CVE-2025-6544 | — | — | — | <= 3.46.0.7 | — | Sep 21, 2025 | A deserialization vulnerability exists in h2oai/h2o-3 versions <= 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular exp |
| CVE-2024-10549 | — | — | — | >= 3.30.0.7, <= 3.46.0.1 | — | Mar 20, 2025 | A vulnerability in the `/3/Parse` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint uses a user-specified string to construct a regular expression, which is then applied to another user-specified string. By sending multiple simulta |
| CVE-2024-8062 | — | — | — | >= 3.2.0.1, <= 3.46.0 | — | Mar 20, 2025 | A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a `HEAD` request to verify the existence of a specified resource without setting a timeout. An attacker can exploit this by sending multiple requests to a |
| CVE-2024-7768 | — | — | — | <= 3.46.1 | — | Mar 20, 2025 | A vulnerability in the `/3/ImportFiles` endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, `path`, which can be recursively set to reference itself. This leads the server to repeatedly call its own en |
| CVE-2024-6863 | — | — | — | >= 3.32.1.2, <= 3.46.0 | — | Mar 20, 2025 | In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen key can also be overwritten, resulting in ransomware-like behavior. This vulnerability makes it possib |
| CVE-2024-8616 | — | — | — | >= 3.10.4.1, <= 3.46.0 | — | Mar 20, 2025 | In h2oai/h2o-3 version 3.46.0, the `/99/Models/{name}/json` endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the `exportModelDetails` function in `ModelsHandler.java`, where the user-controllable `mexport.dir` parameter is used to s |
| CVE-2024-10550 | — | — | — | >= 3.30.0.7, <= 3.46.0.1 | — | Mar 20, 2025 | A vulnerability in the `/3/ParseSetup` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular e |
| CVE-2024-6854 | — | — | — | >= 3.32.1.1, <= 3.46.0 | — | Mar 20, 2025 | In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the targ |
| CVE-2024-10572 | — | — | — | >= 3.34.0.1, <= 3.46.0.1 | — | Mar 20, 2025 | In h2oai/h2o-3 version 3.46.0.1, the `run_tool` command exposes classes in the `water.tools` package through the `ast` parser. This includes the `XGBoostLibExtractTool` class, which can be exploited to shut down the server and write large files to arbitrary directories, leading t |
| CVE-2024-10553 | — | — | — | < 3.46.0.6 | 3.46.0.6 | Mar 20, 2025 | A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-control |
| CVE-2024-7765 | — | — | — | >= 3.32.1.2, <= 3.46.0.2 | — | Mar 20, 2025 | In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the |
| CVE-2024-45758 | — | — | — | <= 3.46.0.7 | — | Sep 6, 2024 | H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connection_u |
| CVE-2024-5979 | — | — | — | <= 3.46.0 | — | Jun 27, 2024 | In h2oai/h2o-3 version 3.46.0, the `run_tool` command in the `rapids` component allows the `main` function of any class under the `water.tools` namespace to be called. One such class, `MojoConvertTool`, crashes the server when invoked with an invalid argument, causing a denial of |
| CVE-2024-5550 | — | — | — | <= 3.40.0.4 | — | Jun 6, 2024 | In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides |
| CVE-2023-6569 | — | — | — | < 3.46.0.1 | 3.46.0.1 | Dec 14, 2023 | External Control of File Name or Path in h2oai/h2o-3 |