
CVE-2024-10572
Date: March 20, 2025
In h2oai/h2o-3 version 3.46.0.1, the "run_tool" command exposes classes in the "water.tools" package through the "ast" parser. This includes the "XGBoostLibExtractTool" class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service.
Severity Score
Weakness Type (CWE)
Uncontrolled Resource Consumption (CWE-400)

CVSS v3.1

Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |