CNNVD-202509-181 Information
Sep 02, 2025
cve
CNNVD ID
CNNVD-202509-181
Related CVE
- CNNVD Published: 2025-09-02
Description (Chinese)
H2O是H2O.ai开源的一个用于分布式、可扩展机器学习的内存平台。 H2O 3.46.0.7及之前版本存在代码问题漏洞,该漏洞源于JDBC连接参数验证不足,可能导致远程代码执行。
Description (English)
H2O is an open-source H2O.ai memory platform for distributed, scalable machine learning. H2O 3.46.0.7 and previous versions had a code problem loophole, which stemmed from insufficient validation of JDBC connectivity parameters and could lead to remote code execution.
Hazard Level
Low
Vulnerability Type
代码问题
Affected Vendor
H2O.ai
Published
2025-09-02
Last Modified
2026-02-24
References
https://huntr.com/bounties/057a743b-b2ec-4312-8262-ce0ff8bc161c https://github.com/h2oai/h2o-3/commit/f714edd6b8429c7a7211b779b6ec108a95b7382d https://access.redhat.com/security/cve/cve-2025-5662 https://nvd.nist.gov/vuln/detail/CVE-2025-5662
Patch
https://github.com/h2oai/h2o-3/tags
Share on: