CNNVD-202602-119 Information

CNNVD ID

CNNVD-202602-119

Related CVE

CVE-2024-5986

• CNNVD Published: 2026-02-02

Description (Chinese)

H2O是H2O.ai开源的一个用于分布式、可扩展机器学习的内存平台。 H2O 3.46.0.1版本存在安全漏洞，该漏洞源于攻击者可利用/3/Parse和/3/Frames/framename/export端点向服务器任意文件写入数据，可能导致远程代码执行。

Description (English)

H2O is an open-source H2O.ai memory platform for distributed, scalable machine learning. H2O 3.46.0.1 has a security loophole, which stems from the fact that the attackers can use /3/Parse and /3/Frames/framename/export endpoints to write data to the server at will, which may result in remote code execution.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

H2O.ai

Published

2026-02-02

Last Modified

2026-02-24

References

https://huntr.com/bounties/64ff5319-6ac3-4447-87f7-b53495d4d5a3 https://access.redhat.com/security/cve/cve-2024-5986