H2Oai H2O-3 vulnerabilities
23 known vulnerabilities affecting h2oai/h2oai_h2o-3.
Total CVEs
23
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL7HIGH13MEDIUM3
Vulnerabilities
Page 2 of 2
CVE-2023-6017P4HIGHCVSS 7.1≥ unspecified, ≤ latest2023-11-16
CVE-2023-6017 [HIGH] CWE-840 CVE-2023-6017: H2O included a reference to an S3 bucket that no longer existed allowing an attacker to take over th
H2O included a reference to an S3 bucket that no longer existed allowing an attacker to take over the S3 bucket URL.
nvd
CVE-2024-1456P4HIGHCVSS 7.1≥ unspecified, ≤ latest2024-04-16
CVE-2024-1456 [HIGH] CWE-840 CVE-2024-1456: An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 repository. The issue involves
An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 repository. The issue involves the S3 bucket 'http://s3.amazonaws.com/h2o-training', which was found to be vulnerable to unauthorized takeover.
nvd
CVE-2023-6013P4MEDIUMCVSS 5.4≥ unspecified, ≤ latest2023-11-16
CVE-2023-6013 [MEDIUM] CWE-79 CVE-2023-6013: H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack.
H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack.
nvd
← Previous2 / 2