Lookup for vulnerable packages by Package URL.

Purl pkg:maven/ai.h2o/h2o-core@3.32.0.2
Type maven
Namespace ai.h2o
Name h2o-core
Version 3.32.0.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-1b6u-e72c-kbec
vulnerability_id VCID-1b6u-e72c-kbec
summary A vulnerability in the `/3/ParseSetup` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular expression complexity, leading to the exhaustion of server resources and making the server unresponsive.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-10550
reference_id
reference_type
scores
0
value 0.00345
scoring_system epss
scoring_elements 0.57591
published_at 2026-06-13T12:55:00Z
1
value 0.00345
scoring_system epss
scoring_elements 0.57582
published_at 2026-06-14T12:55:00Z
2
value 0.00345
scoring_system epss
scoring_elements 0.5746
published_at 2026-06-11T12:55:00Z
3
value 0.00345
scoring_system epss
scoring_elements 0.57576
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-10550
1
reference_url https://github.com/h2oai/h2o-3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/h2oai/h2o-3
2
reference_url https://github.com/h2oai/h2o-3/blob/51c25940ded8b7d0acc8f3f72329fd9dedbb3a34/h2o-core/src/main/java/water/api/ParseSetupHandler.java#L121
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/h2oai/h2o-3/blob/51c25940ded8b7d0acc8f3f72329fd9dedbb3a34/h2o-core/src/main/java/water/api/ParseSetupHandler.java#L121
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-10550
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-10550
4
reference_url https://huntr.com/bounties/ef3f4d89-3b8b-4618-b134-cb93c1664ec6
reference_id ef3f4d89-3b8b-4618-b134-cb93c1664ec6
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:52:08Z/
url https://huntr.com/bounties/ef3f4d89-3b8b-4618-b134-cb93c1664ec6
5
reference_url https://github.com/advisories/GHSA-7qq7-pvm9-x8rf
reference_id GHSA-7qq7-pvm9-x8rf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7qq7-pvm9-x8rf
fixed_packages
0
url pkg:maven/ai.h2o/h2o-core@3.46.0.2
purl pkg:maven/ai.h2o/h2o-core@3.46.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b1re-5nwx-wfb2
1
vulnerability VCID-cu6c-k4e7-puf7
2
vulnerability VCID-da4r-ymzc-f7gg
3
vulnerability VCID-faw8-tfz2-eudq
4
vulnerability VCID-nfcx-t5c9-5bbt
5
vulnerability VCID-vme1-up9z-yqaw
6
vulnerability VCID-wg5g-p9nq-nbex
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ai.h2o/h2o-core@3.46.0.2
aliases CVE-2024-10550, GHSA-7qq7-pvm9-x8rf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1b6u-e72c-kbec
1
url VCID-b1re-5nwx-wfb2
vulnerability_id VCID-b1re-5nwx-wfb2
summary H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connection_url property with any typical JDBC Connection URL attack payload such as one that uses queryInterceptors.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45758
reference_id
reference_type
scores
0
value 0.00106
scoring_system epss
scoring_elements 0.28199
published_at 2026-06-11T12:55:00Z
1
value 0.00106
scoring_system epss
scoring_elements 0.28409
published_at 2026-06-14T12:55:00Z
2
value 0.00106
scoring_system epss
scoring_elements 0.28394
published_at 2026-06-12T12:55:00Z
3
value 0.00106
scoring_system epss
scoring_elements 0.28419
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45758
1
reference_url https://github.com/h2oai/h2o-3
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/h2oai/h2o-3
2
reference_url https://github.com/h2oai/h2o-3/issues/16425
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/h2oai/h2o-3/issues/16425
3
reference_url https://github.com/h2oai/h2o-3/issues/16622
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/h2oai/h2o-3/issues/16622
4
reference_url https://github.com/h2oai/h2o-3/pull/16624
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/h2oai/h2o-3/pull/16624
5
reference_url https://gist.github.com/AfterSnows/c24ca3c26dc89ab797e610e92a6a9acb
reference_id c24ca3c26dc89ab797e610e92a6a9acb
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-06T17:51:47Z/
url https://gist.github.com/AfterSnows/c24ca3c26dc89ab797e610e92a6a9acb
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45758
reference_id CVE-2024-45758
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45758
7
reference_url https://github.com/advisories/GHSA-hrmc-jmp7-mpm2
reference_id GHSA-hrmc-jmp7-mpm2
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hrmc-jmp7-mpm2
8
reference_url https://spear-shield.notion.site/Unauthenticated-Remote-Code-Execution-via-Unrestricted-JDBC-Connection-87a958a4874044199cbb86422d1f6068
reference_id Unauthenticated-Remote-Code-Execution-via-Unrestricted-JDBC-Connection-87a958a4874044199cbb86422d1f6068
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-06T17:51:47Z/
url https://spear-shield.notion.site/Unauthenticated-Remote-Code-Execution-via-Unrestricted-JDBC-Connection-87a958a4874044199cbb86422d1f6068
fixed_packages
0
url pkg:maven/ai.h2o/h2o-core@3.46.0.8
purl pkg:maven/ai.h2o/h2o-core@3.46.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu6c-k4e7-puf7
1
vulnerability VCID-wg5g-p9nq-nbex
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ai.h2o/h2o-core@3.46.0.8
aliases CVE-2024-45758, GHSA-hrmc-jmp7-mpm2
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b1re-5nwx-wfb2
2
url VCID-cu6c-k4e7-puf7
vulnerability_id VCID-cu6c-k4e7-puf7
summary A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific dangerous parameters. An attacker can bypass these controls by switching the JDBC URL protocol to jdbc:postgresql: and exploiting PostgreSQL JDBC driver-specific parameters such as socketFactory and socketFactoryArg. This allows unauthenticated attackers to execute arbitrary code on the H2O-3 server with the privileges of the H2O-3 process. The issue is resolved in version 3.46.0.10.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3960
reference_id
reference_type
scores
0
value 0.00351
scoring_system epss
scoring_elements 0.57928
published_at 2026-06-11T12:55:00Z
1
value 0.00351
scoring_system epss
scoring_elements 0.58046
published_at 2026-06-14T12:55:00Z
2
value 0.00351
scoring_system epss
scoring_elements 0.5804
published_at 2026-06-12T12:55:00Z
3
value 0.00351
scoring_system epss
scoring_elements 0.58057
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3960
1
reference_url https://github.com/h2oai/h2o-3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/h2oai/h2o-3
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3960
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3960
3
reference_url https://huntr.com/bounties/6954fe04-b905-453f-8c53-205ac8377e0d
reference_id 6954fe04-b905-453f-8c53-205ac8377e0d
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T12:25:29Z/
url https://huntr.com/bounties/6954fe04-b905-453f-8c53-205ac8377e0d
4
reference_url https://github.com/h2oai/h2o-3/commit/b9ae2d3c5220db2dc53753357a783e590364d044
reference_id b9ae2d3c5220db2dc53753357a783e590364d044
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T12:25:29Z/
url https://github.com/h2oai/h2o-3/commit/b9ae2d3c5220db2dc53753357a783e590364d044
5
reference_url https://github.com/advisories/GHSA-qmcv-hh7c-3m56
reference_id GHSA-qmcv-hh7c-3m56
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qmcv-hh7c-3m56
fixed_packages
0
url pkg:maven/ai.h2o/h2o-core@3.46.0.10
purl pkg:maven/ai.h2o/h2o-core@3.46.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wg5g-p9nq-nbex
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ai.h2o/h2o-core@3.46.0.10
aliases CVE-2026-3960, GHSA-qmcv-hh7c-3m56
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cu6c-k4e7-puf7
3
url VCID-faw8-tfz2-eudq
vulnerability_id VCID-faw8-tfz2-eudq
summary A deserialization vulnerability exists in h2oai/h2o-3 versions <= 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and using double URL encoding. This issue impacts all users of the affected versions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-6544
reference_id
reference_type
scores
0
value 0.00796
scoring_system epss
scoring_elements 0.74499
published_at 2026-06-12T12:55:00Z
1
value 0.00796
scoring_system epss
scoring_elements 0.74511
published_at 2026-06-14T12:55:00Z
2
value 0.00796
scoring_system epss
scoring_elements 0.74426
published_at 2026-06-11T12:55:00Z
3
value 0.00796
scoring_system epss
scoring_elements 0.74512
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-6544
1
reference_url https://github.com/h2oai/h2o-3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/h2oai/h2o-3
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-6544
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-6544
3
reference_url https://github.com/h2oai/h2o-3/commit/0298ee348f5c73673b7b542158081e79605f5f25
reference_id 0298ee348f5c73673b7b542158081e79605f5f25
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-09-22T17:23:22Z/
url https://github.com/h2oai/h2o-3/commit/0298ee348f5c73673b7b542158081e79605f5f25
4
reference_url https://huntr.com/bounties/53f35a0f-d644-4f82-93aa-89fe7e0aed40
reference_id 53f35a0f-d644-4f82-93aa-89fe7e0aed40
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-09-22T17:23:22Z/
url https://huntr.com/bounties/53f35a0f-d644-4f82-93aa-89fe7e0aed40
5
reference_url https://github.com/advisories/GHSA-5w3j-gwgh-4rfv
reference_id GHSA-5w3j-gwgh-4rfv
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5w3j-gwgh-4rfv
fixed_packages
0
url pkg:maven/ai.h2o/h2o-core@3.46.0.8
purl pkg:maven/ai.h2o/h2o-core@3.46.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu6c-k4e7-puf7
1
vulnerability VCID-wg5g-p9nq-nbex
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ai.h2o/h2o-core@3.46.0.8
aliases CVE-2025-6544, GHSA-5w3j-gwgh-4rfv
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-faw8-tfz2-eudq
4
url VCID-fb24-2xvd-jbat
vulnerability_id VCID-fb24-2xvd-jbat
summary A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a `HEAD` request to verify the existence of a specified resource without setting a timeout. An attacker can exploit this by sending multiple requests to an attacker-controlled server that hangs, causing the application to block and become unresponsive to other requests.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-8062
reference_id
reference_type
scores
0
value 0.00247
scoring_system epss
scoring_elements 0.48353
published_at 2026-06-13T12:55:00Z
1
value 0.00247
scoring_system epss
scoring_elements 0.48338
published_at 2026-06-14T12:55:00Z
2
value 0.00247
scoring_system epss
scoring_elements 0.48198
published_at 2026-06-11T12:55:00Z
3
value 0.00247
scoring_system epss
scoring_elements 0.48336
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-8062
1
reference_url https://github.com/h2oai/h2o-3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/h2oai/h2o-3
2
reference_url https://github.com/h2oai/h2o-3/blob/047a4d617240a56e74f834207c65973d133391cb/h2o-core/src/main/java/water/persist/PersistManager.java#L302
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/h2oai/h2o-3/blob/047a4d617240a56e74f834207c65973d133391cb/h2o-core/src/main/java/water/persist/PersistManager.java#L302
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-8062
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-8062
4
reference_url https://huntr.com/bounties/a04190d9-4acb-449a-9a7f-f1bf6be1ed23
reference_id a04190d9-4acb-449a-9a7f-f1bf6be1ed23
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T15:23:25Z/
url https://huntr.com/bounties/a04190d9-4acb-449a-9a7f-f1bf6be1ed23
5
reference_url https://github.com/advisories/GHSA-5c8j-g96x-cj78
reference_id GHSA-5c8j-g96x-cj78
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5c8j-g96x-cj78
fixed_packages
0
url pkg:maven/ai.h2o/h2o-core@3.46.0.1
purl pkg:maven/ai.h2o/h2o-core@3.46.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1b6u-e72c-kbec
1
vulnerability VCID-b1re-5nwx-wfb2
2
vulnerability VCID-cu6c-k4e7-puf7
3
vulnerability VCID-da4r-ymzc-f7gg
4
vulnerability VCID-faw8-tfz2-eudq
5
vulnerability VCID-ke25-9jrn-hugc
6
vulnerability VCID-nfcx-t5c9-5bbt
7
vulnerability VCID-rgnx-9tfe-6kh3
8
vulnerability VCID-vme1-up9z-yqaw
9
vulnerability VCID-wg5g-p9nq-nbex
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ai.h2o/h2o-core@3.46.0.1
aliases CVE-2024-8062, GHSA-5c8j-g96x-cj78
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fb24-2xvd-jbat
5
url VCID-ke25-9jrn-hugc
vulnerability_id VCID-ke25-9jrn-hugc
summary A vulnerability in the `/3/Parse` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint uses a user-specified string to construct a regular expression, which is then applied to another user-specified string. By sending multiple simultaneous requests, an attacker can exhaust all available threads, leading to a complete denial of service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-10549
reference_id
reference_type
scores
0
value 0.00345
scoring_system epss
scoring_elements 0.57591
published_at 2026-06-13T12:55:00Z
1
value 0.00345
scoring_system epss
scoring_elements 0.57582
published_at 2026-06-14T12:55:00Z
2
value 0.00345
scoring_system epss
scoring_elements 0.5746
published_at 2026-06-11T12:55:00Z
3
value 0.00345
scoring_system epss
scoring_elements 0.57576
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-10549
1
reference_url https://github.com/h2oai/h2o-3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/h2oai/h2o-3
2
reference_url https://github.com/h2oai/h2o-3/blob/51c25940ded8b7d0acc8f3f72329fd9dedbb3a34/h2o-core/src/main/java/water/api/ParseHandler.java#L80
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/h2oai/h2o-3/blob/51c25940ded8b7d0acc8f3f72329fd9dedbb3a34/h2o-core/src/main/java/water/api/ParseHandler.java#L80
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-10549
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-10549
4
reference_url https://huntr.com/bounties/ce7bd2d6-fd38-440d-a91a-dd8f3fc06bc2
reference_id ce7bd2d6-fd38-440d-a91a-dd8f3fc06bc2
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T14:01:19Z/
url https://huntr.com/bounties/ce7bd2d6-fd38-440d-a91a-dd8f3fc06bc2
5
reference_url https://github.com/advisories/GHSA-wwr9-4gmr-xvq9
reference_id GHSA-wwr9-4gmr-xvq9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wwr9-4gmr-xvq9
fixed_packages
0
url pkg:maven/ai.h2o/h2o-core@3.46.0.2
purl pkg:maven/ai.h2o/h2o-core@3.46.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b1re-5nwx-wfb2
1
vulnerability VCID-cu6c-k4e7-puf7
2
vulnerability VCID-da4r-ymzc-f7gg
3
vulnerability VCID-faw8-tfz2-eudq
4
vulnerability VCID-nfcx-t5c9-5bbt
5
vulnerability VCID-vme1-up9z-yqaw
6
vulnerability VCID-wg5g-p9nq-nbex
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ai.h2o/h2o-core@3.46.0.2
aliases CVE-2024-10549, GHSA-wwr9-4gmr-xvq9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ke25-9jrn-hugc
6
url VCID-ksm5-4yxe-7bej
vulnerability_id VCID-ksm5-4yxe-7bej
summary In h2oai/h2o-3 version 3.46.0, the `/99/Models/{name}/json` endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the `exportModelDetails` function in `ModelsHandler.java`, where the user-controllable `mexport.dir` parameter is used to specify the file path for writing model details. This can lead to overwriting files at arbitrary locations on the host system.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-8616
reference_id
reference_type
scores
0
value 0.00237
scoring_system epss
scoring_elements 0.47214
published_at 2026-06-14T12:55:00Z
1
value 0.00237
scoring_system epss
scoring_elements 0.47078
published_at 2026-06-11T12:55:00Z
2
value 0.00237
scoring_system epss
scoring_elements 0.47218
published_at 2026-06-12T12:55:00Z
3
value 0.00237
scoring_system epss
scoring_elements 0.47232
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-8616
1
reference_url https://github.com/h2oai/h2o-3
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/h2oai/h2o-3
2
reference_url https://github.com/h2oai/h2o-3/blob/088190f9d0370a02a483fca68d8dc89c996b4f83/h2o-core/src/main/java/water/api/ModelsHandler.java#L310
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/h2oai/h2o-3/blob/088190f9d0370a02a483fca68d8dc89c996b4f83/h2o-core/src/main/java/water/api/ModelsHandler.java#L310
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-8616
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-8616
4
reference_url https://huntr.com/bounties/aebf69a5-b9b1-4d2f-a8ff-902c11a8c97a
reference_id aebf69a5-b9b1-4d2f-a8ff-902c11a8c97a
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:51:48Z/
url https://huntr.com/bounties/aebf69a5-b9b1-4d2f-a8ff-902c11a8c97a
5
reference_url https://github.com/advisories/GHSA-g48v-3p35-88jr
reference_id GHSA-g48v-3p35-88jr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g48v-3p35-88jr
fixed_packages
0
url pkg:maven/ai.h2o/h2o-core@3.46.0.1
purl pkg:maven/ai.h2o/h2o-core@3.46.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1b6u-e72c-kbec
1
vulnerability VCID-b1re-5nwx-wfb2
2
vulnerability VCID-cu6c-k4e7-puf7
3
vulnerability VCID-da4r-ymzc-f7gg
4
vulnerability VCID-faw8-tfz2-eudq
5
vulnerability VCID-ke25-9jrn-hugc
6
vulnerability VCID-nfcx-t5c9-5bbt
7
vulnerability VCID-rgnx-9tfe-6kh3
8
vulnerability VCID-vme1-up9z-yqaw
9
vulnerability VCID-wg5g-p9nq-nbex
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ai.h2o/h2o-core@3.46.0.1
aliases CVE-2024-8616, GHSA-g48v-3p35-88jr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ksm5-4yxe-7bej
7
url VCID-nfcx-t5c9-5bbt
vulnerability_id VCID-nfcx-t5c9-5bbt
summary A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are passed to DriverManager.getConnection, leading to deserialization if a MySQL or PostgreSQL driver is available in the classpath. This issue is fixed in version 3.47.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-10553
reference_id
reference_type
scores
0
value 0.02857
scoring_system epss
scoring_elements 0.86617
published_at 2026-06-14T12:55:00Z
1
value 0.02857
scoring_system epss
scoring_elements 0.86619
published_at 2026-06-13T12:55:00Z
2
value 0.02857
scoring_system epss
scoring_elements 0.8656
published_at 2026-06-11T12:55:00Z
3
value 0.02857
scoring_system epss
scoring_elements 0.8661
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-10553
1
reference_url https://github.com/h2oai/h2o-3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/h2oai/h2o-3
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-10553
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-10553
3
reference_url https://github.com/h2oai/h2o-3/commit/ac1d642b4d86f10a02d75974055baf2a4b2025ac
reference_id ac1d642b4d86f10a02d75974055baf2a4b2025ac
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-20T17:51:32Z/
url https://github.com/h2oai/h2o-3/commit/ac1d642b4d86f10a02d75974055baf2a4b2025ac
4
reference_url https://huntr.com/bounties/e6f550dd-eda2-428c-a740-ed8f893a084b
reference_id e6f550dd-eda2-428c-a740-ed8f893a084b
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-20T17:51:32Z/
url https://huntr.com/bounties/e6f550dd-eda2-428c-a740-ed8f893a084b
5
reference_url https://github.com/advisories/GHSA-h7xg-cmpp-48hf
reference_id GHSA-h7xg-cmpp-48hf
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h7xg-cmpp-48hf
fixed_packages
0
url pkg:maven/ai.h2o/h2o-core@3.46.0.6
purl pkg:maven/ai.h2o/h2o-core@3.46.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b1re-5nwx-wfb2
1
vulnerability VCID-cu6c-k4e7-puf7
2
vulnerability VCID-faw8-tfz2-eudq
3
vulnerability VCID-wg5g-p9nq-nbex
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ai.h2o/h2o-core@3.46.0.6
aliases CVE-2024-10553, GHSA-h7xg-cmpp-48hf
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nfcx-t5c9-5bbt
8
url VCID-rgnx-9tfe-6kh3
vulnerability_id VCID-rgnx-9tfe-6kh3
summary A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the `/3/Parse` endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the `/3/Frames/framename/export` endpoint. The impact of this vulnerability includes the potential for remote code execution and complete access to the system running h2o-3, as attackers can overwrite critical files such as private SSH keys or script files.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-5986
reference_id
reference_type
scores
0
value 0.00165
scoring_system epss
scoring_elements 0.37297
published_at 2026-06-11T12:55:00Z
1
value 0.00165
scoring_system epss
scoring_elements 0.37484
published_at 2026-06-14T12:55:00Z
2
value 0.00165
scoring_system epss
scoring_elements 0.37498
published_at 2026-06-13T12:55:00Z
3
value 0.00165
scoring_system epss
scoring_elements 0.37474
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-5986
1
reference_url https://github.com/h2oai/h2o-3
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/h2oai/h2o-3
2
reference_url https://huntr.com/bounties/64ff5319-6ac3-4447-87f7-b53495d4d5a3
reference_id 64ff5319-6ac3-4447-87f7-b53495d4d5a3
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-02T12:52:10Z/
url https://huntr.com/bounties/64ff5319-6ac3-4447-87f7-b53495d4d5a3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-5986
reference_id CVE-2024-5986
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-5986
4
reference_url https://github.com/advisories/GHSA-wj3h-wx8g-x699
reference_id GHSA-wj3h-wx8g-x699
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wj3h-wx8g-x699
fixed_packages
0
url pkg:maven/ai.h2o/h2o-core@3.46.0.2
purl pkg:maven/ai.h2o/h2o-core@3.46.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b1re-5nwx-wfb2
1
vulnerability VCID-cu6c-k4e7-puf7
2
vulnerability VCID-da4r-ymzc-f7gg
3
vulnerability VCID-faw8-tfz2-eudq
4
vulnerability VCID-nfcx-t5c9-5bbt
5
vulnerability VCID-vme1-up9z-yqaw
6
vulnerability VCID-wg5g-p9nq-nbex
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ai.h2o/h2o-core@3.46.0.2
aliases CVE-2024-5986, GHSA-wj3h-wx8g-x699
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rgnx-9tfe-6kh3
9
url VCID-vme1-up9z-yqaw
vulnerability_id VCID-vme1-up9z-yqaw
summary The H2O machine learning platform uses "Iced" classes as the primary means of moving Java Objects around the cluster. The Iced format supports inclusion of serialized Java objects. When a model is deserialized, any class is allowed to be deserialized (no class whitelist). An attacker can construct a crafted Iced model that uses Java gadgets and leads to arbitrary code execution when imported to the H2O platform.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-6960
reference_id
reference_type
scores
0
value 0.00185
scoring_system epss
scoring_elements 0.40035
published_at 2026-06-11T12:55:00Z
1
value 0.00185
scoring_system epss
scoring_elements 0.40216
published_at 2026-06-14T12:55:00Z
2
value 0.00185
scoring_system epss
scoring_elements 0.40227
published_at 2026-06-13T12:55:00Z
3
value 0.00185
scoring_system epss
scoring_elements 0.40204
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-6960
1
reference_url https://github.com/h2oai/h2o-3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/h2oai/h2o-3
2
reference_url https://mvnrepository.com/artifact/ai.h2o/h2o-core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://mvnrepository.com/artifact/ai.h2o/h2o-core
3
reference_url https://research.jfrog.com/vulnerabilities/h2o-model-deserialization-rce-jfsa-2024-001035518
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://research.jfrog.com/vulnerabilities/h2o-model-deserialization-rce-jfsa-2024-001035518
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-6960
reference_id CVE-2024-6960
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-6960
5
reference_url https://github.com/advisories/GHSA-w36w-948j-xhfw
reference_id GHSA-w36w-948j-xhfw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w36w-948j-xhfw
6
reference_url https://research.jfrog.com/vulnerabilities/h2o-model-deserialization-rce-jfsa-2024-001035518/
reference_id h2o-model-deserialization-rce-jfsa-2024-001035518
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-24T17:06:30Z/
url https://research.jfrog.com/vulnerabilities/h2o-model-deserialization-rce-jfsa-2024-001035518/
fixed_packages
0
url pkg:maven/ai.h2o/h2o-core@3.46.0.5
purl pkg:maven/ai.h2o/h2o-core@3.46.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b1re-5nwx-wfb2
1
vulnerability VCID-cu6c-k4e7-puf7
2
vulnerability VCID-faw8-tfz2-eudq
3
vulnerability VCID-nfcx-t5c9-5bbt
4
vulnerability VCID-wg5g-p9nq-nbex
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ai.h2o/h2o-core@3.46.0.5
aliases CVE-2024-6960, GHSA-w36w-948j-xhfw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vme1-up9z-yqaw
10
url VCID-wg5g-p9nq-nbex
vulnerability_id VCID-wg5g-p9nq-nbex
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-7768
reference_id
reference_type
scores
0
value 0.00509
scoring_system epss
scoring_elements 0.66882
published_at 2026-06-12T12:55:00Z
1
value 0.00509
scoring_system epss
scoring_elements 0.66789
published_at 2026-06-11T12:55:00Z
2
value 0.00509
scoring_system epss
scoring_elements 0.66896
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-7768
1
reference_url https://github.com/h2oai/h2o-3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/h2oai/h2o-3
2
reference_url https://github.com/h2oai/h2o-3/blob/7d418fa19d3ab434f742818e37f891bef9102c97/h2o-core/src/main/java/water/api/ImportFilesHandler.java#L19
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/h2oai/h2o-3/blob/7d418fa19d3ab434f742818e37f891bef9102c97/h2o-core/src/main/java/water/api/ImportFilesHandler.java#L19
3
reference_url https://huntr.com/bounties/3fe640df-bef4-4072-8890-0d12bc2818f6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.com/bounties/3fe640df-bef4-4072-8890-0d12bc2818f6
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-7768
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-7768
5
reference_url https://github.com/advisories/GHSA-p2vc-m5fv-9w9m
reference_id GHSA-p2vc-m5fv-9w9m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p2vc-m5fv-9w9m
fixed_packages
aliases CVE-2024-7768, GHSA-p2vc-m5fv-9w9m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wg5g-p9nq-nbex
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ai.h2o/h2o-core@3.32.0.2