漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Jdbc Deserialization in h2oai/h2o-3
Vulnerability Description
A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are passed to DriverManager.getConnection, leading to deserialization if a MySQL or PostgreSQL driver is available in the classpath. This issue is fixed in version 3.47.0.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
H2O 代码问题漏洞
Vulnerability Description
H2O是H2O.ai开源的一个用于分布式、可扩展机器学习的内存平台。 H2O 3.46.0.4版本存在代码问题漏洞,该漏洞源于反序列化不受信任数据,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A