H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connection_url property with any typical JDBC Connection URL attack payload such as one that uses queryInterceptors.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NH2o
APPH2O≤ 3.46.0.4
Related vulnerabilities
RCE przez obejście blacklisty JDBC w REST API H2O-3
Deserializacja w H2O umożliwia RCE i odczyt plików systemowych
RCE poprzez deserializację w REST API h2oai/h2o-3 (JDBC URL)
An attacker is able to gain remote code execution on a server hosting the H2O dashboard through it's POJO mode...
A vulnerability in the `/3/ParseSetup` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service...