Vulnerabilites related to h2oai - h2o-3
CVE-2025-10768 (GCVE-0-2025-10768)
Vulnerability from cvelistv5
Published
2025-09-21 09:33
Modified
2025-09-22 17:24
Severity ?
2.1 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
VLAI Severity ?
EPSS score ?
Summary
A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. This manipulation of the argument connection_url causes deserialization. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.325124 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.325124 | signature, permissions-required | |
| https://vuldb.com/?submit.649508 | third-party-advisory | |
| https://github.com/ez-lbz/poc/issues/50 | exploit, issue-tracking | |
| https://github.com/ez-lbz/poc/issues/50#issue-3389830879 | exploit, issue-tracking |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10768",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-22T17:24:13.085698Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T17:24:16.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/ez-lbz/poc/issues/50#issue-3389830879"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ez-lbz/poc/issues/50"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"IBMDB2 JDBC Driver"
],
"product": "h2o-3",
"vendor": "h2oai",
"versions": [
{
"status": "affected",
"version": "3.46.08"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ez-lbz (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. This manipulation of the argument connection_url causes deserialization. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in h2oai h2o-3 up to 3.46.08 gefunden. Betroffen davon ist ein unbekannter Prozess der Datei /99/ImportSQLTable der Komponente IBMDB2 JDBC Driver. Mit der Manipulation des Arguments connection_url mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-21T09:33:16.643Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-325124 | h2oai h2o-3 IBMDB2 JDBC Driver ImportSQLTable deserialization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.325124"
},
{
"name": "VDB-325124 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.325124"
},
{
"name": "Submit #649508 | h2oai h2o-3 \u003c=v3.46.08 Deserialization",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.649508"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/ez-lbz/poc/issues/50"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/ez-lbz/poc/issues/50#issue-3389830879"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-21T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-21T10:21:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "h2oai h2o-3 IBMDB2 JDBC Driver ImportSQLTable deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10768",
"datePublished": "2025-09-21T09:33:16.643Z",
"dateReserved": "2025-09-21T08:16:05.733Z",
"dateUpdated": "2025-09-22T17:24:16.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8862 (GCVE-0-2024-8862)
Vulnerability from cvelistv5
Published
2024-09-14 19:31
Modified
2024-09-16 14:16
Severity ?
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization
Summary
A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.277499 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.277499 | signature, permissions-required | |
| https://vuldb.com/?submit.403200 | third-party-advisory | |
| https://rumbling-slice-eb0.notion.site/Unauthenticated-Remote-Command-Execution-via-Panda-df-query-9dc40f0477ee4b65806de7921876c222?pvs=4 | exploit |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:h2oai:h2o-3:3.46.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "h2o-3",
"vendor": "h2oai",
"versions": [
{
"status": "affected",
"version": "3.46.0.4"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8862",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T14:14:18.575549Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T14:16:28.093Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"JDBC Connection Handler"
],
"product": "h2o-3",
"vendor": "h2oai",
"versions": [
{
"status": "affected",
"version": "3.46.0.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "aftersnow (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in h2oai h2o-3 3.46.0.4 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion getConnectionSafe der Datei /dtale/chart-data/1 der Komponente JDBC Connection Handler. Mit der Manipulation des Arguments query mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-14T19:31:04.957Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-277499 | h2oai h2o-3 JDBC Connection 1 getConnectionSafe deserialization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.277499"
},
{
"name": "VDB-277499 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.277499"
},
{
"name": "Submit #403200 | h2oai h2o-3 3.46.0.4 Unauthenticated Remote Code Execution via Unrestricted JDBC",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.403200"
},
{
"tags": [
"exploit"
],
"url": "https://rumbling-slice-eb0.notion.site/Unauthenticated-Remote-Command-Execution-via-Panda-df-query-9dc40f0477ee4b65806de7921876c222?pvs=4"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-09-14T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-09-14T07:39:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "h2oai h2o-3 JDBC Connection 1 getConnectionSafe deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-8862",
"datePublished": "2024-09-14T19:31:04.957Z",
"dateReserved": "2024-09-14T05:34:17.828Z",
"dateUpdated": "2024-09-16T14:16:28.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10769 (GCVE-0-2025-10769)
Vulnerability from cvelistv5
Published
2025-09-21 09:33
Modified
2025-09-22 17:25
Severity ?
2.1 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
VLAI Severity ?
EPSS score ?
Summary
A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of the file /99/ImportSQLTable of the component H2 JDBC Driver. Such manipulation of the argument connection_url leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.325125 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.325125 | signature, permissions-required | |
| https://vuldb.com/?submit.649728 | third-party-advisory | |
| https://vuldb.com/?submit.649793 | third-party-advisory | |
| https://github.com/ez-lbz/poc/issues/51 | exploit, issue-tracking | |
| https://github.com/ez-lbz/poc/issues/51#issue-3391023368 | exploit, issue-tracking | |
| https://huntr.com/bounties/4066ce21-7148-44f5-8336-b1674c2f588d | related |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10769",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-22T17:25:34.976239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T17:25:38.765Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/ez-lbz/poc/issues/51"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ez-lbz/poc/issues/51#issue-3391023368"
},
{
"tags": [
"exploit"
],
"url": "https://huntr.com/bounties/4066ce21-7148-44f5-8336-b1674c2f588d"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"H2 JDBC Driver"
],
"product": "h2o-3",
"vendor": "h2oai",
"versions": [
{
"status": "affected",
"version": "3.46.08"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ez-lbz (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of the file /99/ImportSQLTable of the component H2 JDBC Driver. Such manipulation of the argument connection_url leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in h2oai h2o-3 up to 3.46.08 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /99/ImportSQLTable der Komponente H2 JDBC Driver. Durch die Manipulation des Arguments connection_url mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-21T09:33:19.679Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-325125 | h2oai h2o-3 H2 JDBC Driver ImportSQLTable deserialization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.325125"
},
{
"name": "VDB-325125 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.325125"
},
{
"name": "Submit #649728 | h2oai h2o-3 \u003c=v3.46.08 Deserialization",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.649728"
},
{
"name": "Submit #649793 | h2oai h2o-3 3.46.0.7 Deserialization (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.649793"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/ez-lbz/poc/issues/51"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/ez-lbz/poc/issues/51#issue-3391023368"
},
{
"tags": [
"related"
],
"url": "https://huntr.com/bounties/4066ce21-7148-44f5-8336-b1674c2f588d"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-21T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-21T10:26:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "h2oai h2o-3 H2 JDBC Driver ImportSQLTable deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10769",
"datePublished": "2025-09-21T09:33:19.679Z",
"dateReserved": "2025-09-21T08:16:09.091Z",
"dateUpdated": "2025-09-22T17:25:38.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}