CVE-2023-6569
published 2023-12-14
CVE-2023-6569: External Control of File Name or Path in h2oai/h2o-3
Priority P341 · high · 8.2 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
EPSS: 0.71% (49.1th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| h2o | h2o | — | — |
| h2o | h2o | >= 0 < 3.46.0.1 | 3.46.0.1 |
| h2o | h2o | 0 – 3.44.0.2 | — |
| h2oai | h2oai_h2o-3 | unspecified – latest | — |
CVSS provenance
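| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H |
| nvd | v3.0 | 9.3 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H |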
GHSA
ghsa·2023-12-14
CVE-2023-6569 [CRITICAL] CWE-73 External Control of File Name or Path in h2oai/h2o-3
Remote unauthenticated attackers can overwrite arbitrary server files with attacker-controllable data. The data that the attacker can control is not entirely arbitrary. h2o writes a CSV/XLS/etc. file to disk, so the attacker data is wrapped in quotation marks and starts with "C1" if they're exporting as CSV.
OSV
osv·2023-12-14
CVE-2023-6569 [CRITICAL] External Control of File Name or Path in h2oai/h2o-3
2023-12-14
Published