CVE-2024-8862 – h2oai h2o-3 JDBC Connection 1 getConnectionSafe deserialization
https://notcve.org/view.php?id=CVE-2024-8862
14 Sep 2024 — A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://rumbling-slice-eb0.notion.site/Unauthenticated-Remote-Command-Execution-via-Panda-df-query-9dc40f0477ee4b65806de7921876c222?pvs=4 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-45758
https://notcve.org/view.php?id=CVE-2024-45758
06 Sep 2024 — H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connection_url property with any typical JDBC Connection URL attack payload such as one that uses queryInterceptors. • https://spear-shield.notion.site/Unauthenticated-Remote-Code-Execution-via-Unrestricted-JDBC-Connection-87a958a4874044199cbb86422d1f6068 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-5979 – Denial of Service via Invalid Argument in h2oai/h2o-3
https://notcve.org/view.php?id=CVE-2024-5979
27 Jun 2024 — In h2oai/h2o-3 version 3.46.0, the `run_tool` command in the `rapids` component allows the `main` function of any class under the `water.tools` namespace to be called. One such class, `MojoConvertTool`, crashes the server when invoked with an invalid argument, causing a denial of service. • https://huntr.com/bounties/d80a2139-fc03-44b7-b739-de41e323b458 • CWE-400: Uncontrolled Resource Consumption •
CVE-2024-5550 – Exposure of Sensitive Information via Arbitrary System Path Lookup in h2oai/h2o-3
https://notcve.org/view.php?id=CVE-2024-5550
06 Jun 2024 — In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead API call, which when requested with a typeahead lookup of '/', exposes the root filesystem including directories such as /home, /usr, /bin, among others. This vulnerability could allow attackers to explore the enti... • https://huntr.com/bounties/e76372c2-39be-4984-a7c8-7048a75a25dc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-1456 – S3 Bucket Takeover in h2oai/h2o-3
https://notcve.org/view.php?id=CVE-2024-1456
16 Apr 2024 — An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 repository. The issue involves the S3 bucket 'http://s3.amazonaws.com/h2o-training', which was found to be vulnerable to unauthorized takeover. • https://huntr.com/bounties/7c1b7f27-52f3-4b4b-9d81-e277f5e0ab6b • CWE-840: Business Logic Errors •