
We found results for “”
CVE-2024-7768
Good to know:

Date: March 20, 2025
A vulnerability in the "/3/ImportFiles" endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, "path", which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually filling up the request queue and leaving the server unable to handle other requests.
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Uncontrolled Resource Consumption
CWE-400CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |