H2Oai H2O-3 vulnerabilities
23 known vulnerabilities affecting h2oai/h2oai_h2o-3.
Total CVEs: 23
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 7, HIGH 13, MEDIUM 3
Vulnerabilities
Page 1 of 2
CVE-2023-6038 | P1 | HIGH | CVSS 7.5 | CWE-862 | Exploited, PoC available | Affected: ≥ unspecified, ≤ latest | Date: 2023-11-16
A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. The vulnerability can be exploited by making specific GET
Source: nvd
CVE-2023-6016 | P2 | CRITICAL | CVSS 9.8 | CWE-94 | Affected: ≥ unspecified, ≤ latest | Date: 2023-11-16
An attacker is able to gain remote code execution on a server hosting the H2O dashboard through its POJO model import feature.
Source: nvd
CVE-2026-3960 | P2 | CRITICAL | CVSS 9.8 | CWE-94 | Affected: ≥ unspecified, < 3.46.0.10 | Date: 2026-04-23
A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific dangerous parameters. An attacker can bypass these con
Source: nvd
CVE-2025-6507 | P2 | CRITICAL | CVSS 9.8 | CWE-502 | Affected: ≥ unspecified, < 3.46.0.8 | Date: 2025-09-01
A vulnerability in the h2oai/h2o-3 repository allows attackers to exploit deserialization of untrusted data, potentially leading to arbitrary code execution and reading of system files. This issue affects the latest master branch version 3.47.0.99999. The vulnerability arises from the ability to bypass regular expression filters intended to prevent
Source: nvd
CVE-2024-10553 | P2 | CRITICAL | CVSS 9.8 | CWE-502 | Affected: ≥ unspecified, < 3.47.0 | Date: 2025-03-20
A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are passed to DriverManager.getConnection, leading to d
Source: nvd
CVE-2024-5986 | P2 | CRITICAL | CVSS 9.1 | CWE-73 | Affected: ≥ unspecified, ≤ latest | Date: 2026-02-02
A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the `/3/Parse` endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the `/3/Frames/framename/export` endpoint. The impact of this vulnerability in
Source: nvd
CVE-2025-6544 | P2 | CRITICAL | CVSS 9.8 | CWE-502 | Affected: ≥ unspecified, < 3.46.8 | Date: 2025-09-21
A deserialization vulnerability exists in h2oai/h2o-3 versions <= 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and using double URL encoding. This issue impacts all us
Source: nvd
CVE-2025-5662 | P2 | CRITICAL | CVSS 9.8 | CWE-502 | Affected: ≥ unspecified, < 3.46.0.8 | Date: 2025-09-02
A deserialization vulnerability exists in the H2O-3 REST API (POST /99/ImportSQLTable) that affects all versions up to 3.46.0.7. This vulnerability allows remote code execution (RCE) due to improper validation of JDBC connection parameters when using a Key-Value format. The vulnerability is present in the MySQL JDBC Driver version 8.0.19 and JDK vers
Source: nvd
CVE-2024-8616 | P3 | HIGH | CVSS 8.2 | CWE-73 | Affected: ≥ unspecified, ≤ latest | Date: 2025-03-20
In h2oai/h2o-3 version 3.46.0, the `/99/Models/{name}/json` endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the `exportModelDetails` function in `ModelsHandler.java`, where the user-controllable `mexport.dir` parameter is used to specify the file path for writing model details. This can lead to overwriting
Source: nvd
CVE-2023-6569 | P3 | HIGH | CVSS 8.2 | CWE-73 | Affected: ≥ unspecified, ≤ latest | Date: 2023-12-14
External Control of File Name or Path in h2oai/h2o-3
Source: nvd
CVE-2024-7768 | P3 | HIGH | CVSS 7.5 | CWE-770 | Affected: ≥ unspecified, ≤ latest | Date: 2025-03-20
A vulnerability in the `/3/ImportFiles` endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, `path`, which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually filling up the request queue and leaving the server unab
Source: nvd
CVE-2024-10572 | P3 | HIGH | CVSS 7.5 | CWE-94 | Affected: ≥ unspecified, ≤ latest | Date: 2025-03-20
In h2oai/h2o-3 version 3.46.0.1, the `run_tool` command exposes classes in the `water.tools` package through the `ast` parser. This includes the `XGBoostLibExtractTool` class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service.
Source: nvd
CVE-2024-8062 | P3 | HIGH | CVSS 7.5 | CWE-1088 | Affected: ≥ unspecified, ≤ latest | Date: 2025-03-20
A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a `HEAD` request to verify the existence of a specified resource without setting a timeout. An attacker can exploit this by sending multiple requests to an attacker-controlled server that hangs, causing the application to block
Source: nvd
CVE-2024-6863 | P3 | MEDIUM | CVSS 6.5 | CWE-749 | Affected: ≥ unspecified, ≤ latest | Date: 2025-03-20
In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen key can also be overwritten, resulting in ransomware-like behavior. This vulnerability makes it possible for an attacker to encrypt arbitrary files with keys of their choice,
Source: nvd
CVE-2024-10550 | P3 | HIGH | CVSS 7.5 | CWE-1333 | Affected: ≥ unspecified, ≤ latest | Date: 2025-03-20
A vulnerability in the `/3/ParseSetup` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular expression complexity, leading to the exhaustion of server resources and m
Source: nvd
CVE-2024-7765 | P3 | HIGH | CVSS 7.5 | CWE-409 | Affected: ≥ unspecified, ≤ latest | Date: 2025-03-20
In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling of highly compressed data, leading to significant data am
Source: nvd
CVE-2024-10549 | P3 | HIGH | CVSS 7.5 | CWE-1333 | Affected: ≥ unspecified, ≤ latest | Date: 2025-03-20
A vulnerability in the `/3/Parse` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint uses a user-specified string to construct a regular expression, which is then applied to another user-specified string. By sending multiple simultaneous requests, an attacker can exhaust all available threads, leading t
Source: nvd
CVE-2024-5979 | P3 | HIGH | CVSS 7.5 | CWE-94 | Affected: ≥ unspecified, < 3.46.0.6 | Date: 2024-06-27
In h2oai/h2o-3 version 3.46.0, the `run_tool` command in the `rapids` component allows the `main` function of any class under the `water.tools` namespace to be called. One such class, `MojoConvertTool`, crashes the server when invoked with an invalid argument, causing a denial of service.
Source: nvd
CVE-2024-6854 | P3 | HIGH | CVSS 7.1 | CWE-36 | Affected: ≥ unspecified, ≤ latest | Date: 2025-03-20
In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the target server with a trained model file, although the content of the overwrite i
Source: nvd
CVE-2024-5550 | P4 | MEDIUM | CVSS 5.3 | CWE-22 | Affected: ≥ unspecified, ≤ latest | Date: 2024-06-06
In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead API call, which when requested with a typeahead lookup o
Source: nvd