CVE-2024-8862
CVE-2024-8862
Título es
CVE-2024-8862
Sáb, 14/09/2024 – 20:15
Tipo
CWE-502
Gravedad v2.0
7.50
Gravedad 2.0 Txt
HIGH
Título en
CVE-2024-8862
Descripción en
A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
14/09/2024
14/09/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vector CVSS:2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
Gravedad 3.1 (CVSS 3.1 Base Score)
7.30
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH
Referencias
Enviar en el boletín
Off
