Описание
h2o vulnerable to unexpected POST request shutting down server
In h2oai/h2o-3 version 3.46.0, the run_tool command in the rapids component allows the main function of any class under the water.tools namespace to be called. One such class, MojoConvertTool, crashes the server when invoked with an invalid argument, causing a denial of service.
Пакеты
Наименование
h2o
pip
Затронутые версииВерсия исправления
<= 3.46.0
Отсутствует
Связанные уязвимости
CVSS3: 7.5
nvd
больше 1 года назад
In h2oai/h2o-3 version 3.46.0, the `run_tool` command in the `rapids` component allows the `main` function of any class under the `water.tools` namespace to be called. One such class, `MojoConvertTool`, crashes the server when invoked with an invalid argument, causing a denial of service.