PyPi: H2o

CVE-2024-10550

Safety vulnerability ID: 76291

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 20, 2025 Updated at Mar 28, 2025

Scan your Python projects for vulnerabilities →

Advisory

A vulnerability in the /3/ParseSetup endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular expression complexity, leading to the exhaustion of server resources and making the server unresponsive.

Affected package

h2o

Latest version: 3.46.0.7

H2O, Fast Scalable Machine Learning, for python

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application