Safety vulnerability ID: 76293
The information on this page was manually curated by our Cybersecurity Intelligence Team.
A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are passed to DriverManager.getConnection, leading to deserialization if a MySQL or PostgreSQL driver is available in the classpath. This issue is fixed in version 3.46.0.6.
Latest version: 3.46.0.7
H2O, Fast Scalable Machine Learning, for python
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application