Vulnerabilities > H2O > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-14 | CVE-2023-6569 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in H2O 3.40.0.4 External Control of File Name or Path in h2oai/h2o-3 | 8.2 |
| 2023-11-16 | CVE-2023-6017 | Unspecified vulnerability in H2O H2O included a reference to an S3 bucket that no longer existed allowing an attacker to take over the S3 bucket URL. | 7.1 |
| 2023-11-16 | CVE-2023-6038 | Missing Authorization vulnerability in H2O A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. | 7.5 |