Latest version: v3.46.0.7
| CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
|---|---|---|---|---|---|
| CVE-2024-7768 | 76233 |
A vulnerability in the /3/ImportFiles endpoint of h2oai/h2o-3 version… |
|
- | - |
| CVE-2024-10553 | 76293 |
A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows … |
|
- | - |
| PVE-2024-72502 | 72502 |
H2o 3.46.0.4 updates its MAVEN dependency 'com.fasterxml.jackson.core… |
|
- | - |
| CVE-2023-35116 | 72503 |
H2o 3.46.0.4 updates its MAVEN dependency 'com.fasterxml.jackson.core… |
|
MEDIUM | 4.7 |
| CVE-2024-10550 | 76291 |
A vulnerability in the /3/ParseSetup endpoint of h2oai/h2o-3 version … |
|
- | - |
| CVE-2024-10572 | 76296 |
In h2oai/h2o-3 version 3.46.0.1, the run_tool command exposes classes… |
|
- | - |
| CVE-2024-10549 | 76297 |
A vulnerability in the /3/Parse endpoint of h2oai/h2o-3 version 3.46.… |
|
- | - |
| PVE-2023-63047 | 63047 |
H2o 3.44.0.2 updates its MAVEN dependency org.python:jython due to a … |
|
- | - |
| CVE-2022-40149 | 72501 |
H2o 3.44.0.1 updates its MAVEN dependency 'org.codehaus.jettison:jett… |
|
HIGH | 7.5 |
| CVE-2023-1436 | 59331 |
H2o 3.44.0.1 updates its MAVEN dependency 'org.codehaus.jettison:jett… |
|
HIGH | 7.5 |
| CVE-2022-45693 | 59332 |
H2o 3.44.0.1 updates its MAVEN dependency 'org.codehaus.jettison:jett… |
|
HIGH | 7.5 |
| CVE-2022-40150 | 59334 |
H2o 3.44.0.1 updates its MAVEN dependency 'org.codehaus.jettison:jett… |
|
HIGH | 7.5 |
| CVE-2023-1370 | 59335 |
H2o 3.44.0.1 updates its MAVEN dependency 'net.minidev:json-smart' to… |
|
HIGH | 7.5 |
| CVE-2022-45685 | 59333 |
H2o 3.44.0.1 updates its MAVEN dependency 'org.codehaus.jettison:jett… |
|
HIGH | 7.5 |
| PVE-2023-60620 | 60620 |
H2o 3.42.0.3 deletes its MAVEN dependency 'no.priv.garshol.duke:duke'… |
|
- | - |
| CVE-2023-2976 | 59320 |
H2o 3.42.0.1 updates its MAVEN dependency 'guava' to '32.0.1-jre' to … |
|
HIGH | 7.1 |
| CVE-2022-3509 | 59337 |
H2o 3.38.0.4 updates its dependency 'com.google.cloud:google-cloud-st… |
|
HIGH | 7.5 |
| CVE-2022-42889 | 59339 |
H2o 3.38.0.2 updates its MAVEN dependency 'org.apache.commons:commons… |
|
CRITICAL | 9.8 |
| CVE-2022-42003 | 59338 |
H2o 3.38.0.2 updates its MAVEN dependency 'com.fasterxml.jackson.core… |
|
HIGH | 7.5 |
| CVE-2022-25647 | 59343 |
H2o 3.36.1.3 updates its MAVEN dependency 'com.google.code.gson:gson'… |
|
HIGH | 7.5 |
| CVE-2021-44832 | 44451 |
H2o 3.36.0.1 updates its MAVEN dependency 'log4j' to v2.17.1 to fix a… |
|
MEDIUM | 6.6 |
| CVE-2021-45105 | 43439 |
H2o 3.34.0.7 updates its MAVEN dependency 'log4j' to version 2.17.0 t… |
|
MEDIUM | 5.9 |
| CVE-2021-45046 | 43398 |
H2o 3.34.0.7 updates its MAVEN dependency 'log4j' to version 2.17.0 t… |
|
CRITICAL | 9.0 |
| CVE-2021-44228 | 43397 |
H2o 3.34.0.7 updates its MAVEN dependency 'log4j' to version 2.17.0 t… |
|
CRITICAL | 10.0 |
| CVE-2024-7765 | 76227 |
In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploadi… |
|
HIGH | 7.5 |
| CVE-2024-6863 | 76248 |
In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom Encrypti… |
|
- | - |
| CVE-2024-6854 | 76238 |
In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does… |
|
- | - |
| CVE-2024-8062 | 76215 |
A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46… |
|
HIGH | 7.5 |
| CVE-2024-8616 | 76212 |
In h2oai/h2o-3 version 3.46.0, the /99/Models/{name}/json endpoint al… |
|
- | - |
| CVE-2024-5979 | 72091 |
Affected versions of H2o are vulnerable to CVE-2024-5979: The 'run_to… |
|
- | - |
| CVE-2023-6569 | 65214 |
Affected versions of H2o are vulnerable to External Control of File N… |
|
HIGH | 8.2 |
| CVE-2024-5550 | 72522 |
Affected versions of H2o are vulnerable to Exposure of Sensitive Info… |
|
MEDIUM | 5.3 |