Vulnerabilities > H2O

DATE CVE VULNERABILITY TITLE RISK
2023-12-14 CVE-2023-6569 Externally Controlled Reference to a Resource in Another Sphere vulnerability in H2O 3.40.0.4
External Control of File Name or Path in h2oai/h2o-3
network
low complexity
h2o CWE-610
8.2
2023-11-16 CVE-2023-6013 Unspecified vulnerability in H2O
H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack.
network
low complexity
h2o
5.4
2023-11-16 CVE-2023-6017 Unspecified vulnerability in H2O
H2O included a reference to an S3 bucket that no longer existed allowing an attacker to take over the S3 bucket URL.
local
low complexity
h2o
7.1
2023-11-16 CVE-2023-6038 Missing Authorization vulnerability in H2O
An attacker is able to read any file on the server hosting the H2O dashboard without any authentication.
network
low complexity
h2o CWE-862
7.5
2023-11-16 CVE-2023-6016 Unspecified vulnerability in H2O
An attacker is able to gain remote code execution on a server hosting the H2O dashboard through it's POJO model import feature.
network
low complexity
h2o
critical
9.8