Headline
GHSA-58m3-rcvp-f9ww: h2o vulnerable to unexpected POST request shutting down server
In h2oai/h2o-3 version 3.46.0, the run_tool
command in the rapids
component allows the main
function of any class under the water.tools
namespace to be called. One such class, MojoConvertTool
, crashes the server when invoked with an invalid argument, causing a denial of service.
h2o vulnerable to unexpected POST request shutting down server
High severity GitHub Reviewed Published Jun 27, 2024 to the GitHub Advisory Database • Updated Jun 28, 2024