H2o: Security Vulnerabilities
H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack.
CVSS Score
9.3
EPSS Score
0.002
Published
2023-11-16
H2O included a reference to an S3 bucket that no longer existed allowing an attacker to take over the S3 bucket URL.
CVSS Score
8.7
EPSS Score
0.002
Published
2023-11-16
An attacker is able to gain remote code execution on a server hosting the H2O dashboard through it's POJO model import feature.
CVSS Score
10.0
EPSS Score
0.682
Published
2023-11-16
Page 3