Vulnerabilities > H2O
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-14 | CVE-2024-8862 | Deserialization of Untrusted Data vulnerability in H2O 3.46.0.4: A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. | 9.8 |
2024-06-06 | CVE-2024-5550 | Unspecified vulnerability in H2O 3.40.0.4: In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. | 5.3 |
2023-12-14 | CVE-2023-6569 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in H2O 3.40.0.4: External Control of File Name or Path in h2oai/h2o-3 | 8.2 |
2023-11-16 | CVE-2023-6013 | Unspecified vulnerability in H2O: H2O is vulnerable to a stored XSS vulnerability, which can lead to a Local File Include attack. | 5.4 |
2023-11-16 | CVE-2023-6017 | Unspecified vulnerability in H2O: H2O included a reference to an S3 bucket that no longer existed, allowing an attacker to take over the S3 bucket URL. | 7.1 |
2023-11-16 | CVE-2023-6038 | Missing Authorization vulnerability in H2O: A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. | 7.5 |
2023-11-16 | CVE-2023-6016 | Unspecified vulnerability in H2O: An attacker is able to gain remote code execution on a server hosting the H2O dashboard through its POJO model import feature. | 9.8 |