漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Deserialization Vulnerability in h2oai/h2o-3
Vulnerability Description
A deserialization vulnerability exists in the H2O-3 REST API (POST /99/ImportSQLTable) that affects all versions up to 3.46.0.7. This vulnerability allows remote code execution (RCE) due to improper validation of JDBC connection parameters when using a Key-Value format. The vulnerability is present in the MySQL JDBC Driver version 8.0.19 and JDK version 8u112. The issue is resolved in version 3.46.0.8.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
H2O 代码问题漏洞
Vulnerability Description
H2O是H2O.ai开源的一个用于分布式、可扩展机器学习的内存平台。 H2O 3.46.0.7及之前版本存在代码问题漏洞,该漏洞源于JDBC连接参数验证不足,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A