Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-58m3-rcvp-f9ww: h2o vulnerable to unexpected POST request shutting down server

In h2oai/h2o-3 version 3.46.0, the run_tool command in the rapids component allows the main function of any class under the water.tools namespace to be called. One such class, MojoConvertTool, crashes the server when invoked with an invalid argument, causing a denial of service.

ghsa
#dos#git

h2o vulnerable to unexpected POST request shutting down server

High severity GitHub Reviewed Published Jun 27, 2024 to the GitHub Advisory Database • Updated Jun 28, 2024

ghsa: Latest News

GHSA-8m24-3cfx-9fjw: sp1 has insufficient observation of cumulative sum