Home > Vulnerability Database > CVE-2024-5979

Mend.io Vulnerability Database

CVE-2024-5979

Good to know:

Date: June 27, 2024

In h2oai/h2o-3 version 3.46.0, the "run_tool" command in the "rapids" component allows the "main" function of any class under the "water.tools" namespace to be called. One such class, "MojoConvertTool", crashes the server when invoked with an invalid argument, causing a denial of service.

Language: Java

Severity Score

7.5

Related Resources (5)

Url: https://huntr.com/bounties/d80a2139-fc03-44b7-b739-de41e323b458

Url: https://github.com/h2oai/h2o-3

Url: https://github.com/h2oai/h2o-3/commit/d0899f8e0f7a584b60405a65b1d7b439aaaa55a5

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-5979

Url: https://www.mend.io/vulnerability-database/CVE-2024-5979

Severity Score

7.5

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

Uncontrolled Resource Consumption

CWE-400

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-5979

Good to know:

Date: June 27, 2024

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?