H2oaih2o 3
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in H2oaih2o 3.
By the Year
In 2026 there have been 0 vulnerabilities in H2oaih2o 3. H2oaih2o 3 did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 2 | 0.00 |
It may take a day or so for new H2oaih2o 3 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent H2oaih2o 3 Security Vulnerabilities
H2O-3 3.46.0 run_tool CVE20245979: rapids exec water.tools class = DoS
CVE-2024-5979
- June 27, 2024
In h2oai/h2o-3 version 3.46.0, the `run_tool` command in the `rapids` component allows the `main` function of any class under the `water.tools` namespace to be called. One such class, `MojoConvertTool`, crashes the server when invoked with an invalid argument, causing a denial of service.
Code Injection
h2o-3 3.40.0.4 Path Disclosure via Typeahead API
CVE-2024-5550
- June 06, 2024
In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead API call, which when requested with a typeahead lookup of '/', exposes the root filesystem including directories such as /home, /usr, /bin, among others. This vulnerability could allow attackers to explore the entire filesystem, and when combined with a Local File Inclusion (LFI) vulnerability, could make exploitation of the server trivial.
Directory traversal
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for H2oaih2o 3 or by H2oai? Click the Watch button to subscribe.
