AIKIDO-2024-10415

h2o is vulnerable to Uncontrolled Resource Consumption

82

High

h2o python

AIKIDO-2024-10415: h2o is vulnerable to Uncontrolled Resource Consumption in versions 3.10.0.3 - 3.46.0.5.

Uncontrolled Resource Consumption
Vulnerable in 3.10.0.3 - 3.46.0.5
Fixed in 3.46.0.6
CVE-2020-5979

TL;DR

Affected versions of this package are vulnerable to uncontrolled resource consumption which may lead to DoS. The `run_tool` command in the `rapids` component allows the `main` function of any class under the `water.tools` namespace to be called. One such class, `MojoConvertTool`, crashes the server when invoked with an invalid argument.

Who does this affect?

You're affected if you are using a version of h2o within the vulnerable range, 3.10.0.3 - 3.46.0.5.

How can it be fixed?

Upgrade the h2o library to the patched version, 3.46.0.6.
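To find out whether a project or environment still needs that upgrade, the version range in this advisory can be checked mechanically. The following is an added example, not code from Aikido or the h2o project; the function names are hypothetical, the sample requirements text is constructed, and the range is assumed to be inclusive at both ends.

```python
import re
from importlib import metadata

# Range and fix version as stated in this advisory (assumed inclusive).
FIRST_VULN = (3, 10, 0, 3)
LAST_VULN = (3, 46, 0, 5)
FIXED = "3.46.0.6"

# Matches exact pins such as "h2o==3.44.0.3" or "H2O[extra] == 3.44.0.3".
PIN_RE = re.compile(r"^\s*h2o(?:\[[^\]]*\])?\s*==\s*([0-9]+(?:\.[0-9]+)*)", re.I)

def parse_version(text):
    """Turn '3.46.0.5' into (3, 46, 0, 5); short versions are zero-padded."""
    numeric = re.match(r"\d+(?:\.\d+)*", text.strip())
    parts = [int(p) for p in numeric.group(0).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def is_affected(version):
    """True if the version lies in the advisory's vulnerable range."""
    return FIRST_VULN <= parse_version(version) <= LAST_VULN

def scan_requirements(text):
    """Return (line_number, version) for each pinned h2o in the vulnerable range."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = PIN_RE.match(line.split("#", 1)[0])  # ignore trailing comments
        if match and is_affected(match.group(1)):
            findings.append((number, match.group(1)))
    return findings

def installed_is_affected():
    """Check h2o in the current environment; None if it is not installed."""
    try:
        return is_affected(metadata.version("h2o"))
    except metadata.PackageNotFoundError:
        return None

# Constructed sample requirements file, not taken from any real project.
SAMPLE = """\
numpy==1.26.4
h2o==3.44.0.3   # pinned inside the vulnerable range
H2O == 3.46.0.6
h2ox==3.20.0.1
"""

if __name__ == "__main__":
    for number, version in scan_requirements(SAMPLE):
        print(f"line {number}: h2o {version} is affected, upgrade to {FIXED}")
    print("installed h2o affected:", installed_is_affected())
```

Only exact `==` pins are evaluated; range specifiers such as `>=` need to be resolved against the installed version, which `installed_is_affected()` covers.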

© 2024 Aikido Security BV | BE0792914919