h2o CVE Vulnerabilities & Metrics

Focus on h2o vulnerabilities and metrics.

Last updated: 01 Aug 2025, 22:25 UTC

About h2o Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with h2o. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total h2o CVEs: 19
Earliest CVE date: 16 Nov 2023, 16:15 UTC
Latest CVE date: 20 Mar 2025, 10:15 UTC

Latest CVE reference: CVE-2024-8616

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 11

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 37.5%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 37.5%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical h2o CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.39

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 18
4.0-6.9 0
7.0-8.9 1
9.0-10.0 0

CVSS Distribution Chart

Top 5 Highest CVSS h2o CVEs

These are the five CVEs with the highest CVSS scores for h2o, sorted by severity first and recency.

All CVEs for h2o

CVE-2024-8616 h2o vulnerability CVSS: 0 20 Mar 2025, 10:15 UTC

In h2oai/h2o-3 version 3.46.0, the `/99/Models/{name}/json` endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the `exportModelDetails` function in `ModelsHandler.java`, where the user-controllable `mexport.dir` parameter is used to specify the file path for writing model details. This can lead to overwriting files at arbitrary locations on the host system.

CVE-2024-8062 h2o vulnerability CVSS: 0 20 Mar 2025, 10:15 UTC

A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a `HEAD` request to verify the existence of a specified resource without setting a timeout. An attacker can exploit this by sending multiple requests to an attacker-controlled server that hangs, causing the application to block and become unresponsive to other requests.

CVE-2024-7768 h2o vulnerability CVSS: 0 20 Mar 2025, 10:15 UTC

A vulnerability in the `/3/ImportFiles` endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, `path`, which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually filling up the request queue and leaving the server unable to handle other requests.

CVE-2024-7765 h2o vulnerability CVSS: 0 20 Mar 2025, 10:15 UTC

In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling of highly compressed data, leading to significant data amplification.

CVE-2024-6863 h2o vulnerability CVSS: 0 20 Mar 2025, 10:15 UTC

In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen key can also be overwritten, resulting in ransomware-like behavior. This vulnerability makes it possible for an attacker to encrypt arbitrary files with keys of their choice, making it exceedingly difficult for the target to recover the keys needed for decryption.

CVE-2024-6854 h2o vulnerability CVSS: 0 20 Mar 2025, 10:15 UTC

In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the target server with a trained model file, although the content of the overwrite is not controllable by the attacker.

CVE-2024-10572 h2o vulnerability CVSS: 0 20 Mar 2025, 10:15 UTC

In h2oai/h2o-3 version 3.46.0.1, the `run_tool` command exposes classes in the `water.tools` package through the `ast` parser. This includes the `XGBoostLibExtractTool` class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service.

CVE-2024-10553 h2o vulnerability CVSS: 0 20 Mar 2025, 10:15 UTC

A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are passed to DriverManager.getConnection, leading to deserialization if a MySQL or PostgreSQL driver is available in the classpath. This issue is fixed in version 3.47.0.

CVE-2024-10550 h2o vulnerability CVSS: 0 20 Mar 2025, 10:15 UTC

A vulnerability in the `/3/ParseSetup` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular expression complexity, leading to the exhaustion of server resources and making the server unresponsive.

CVE-2024-10549 h2o vulnerability CVSS: 0 20 Mar 2025, 10:15 UTC

A vulnerability in the `/3/Parse` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint uses a user-specified string to construct a regular expression, which is then applied to another user-specified string. By sending multiple simultaneous requests, an attacker can exhaust all available threads, leading to a complete denial of service.

CVE-2024-8862 h2o vulnerability CVSS: 7.5 14 Sep 2024, 20:15 UTC

A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-5979 h2o vulnerability CVSS: 0 27 Jun 2024, 19:15 UTC

In h2oai/h2o-3 version 3.46.0, the `run_tool` command in the `rapids` component allows the `main` function of any class under the `water.tools` namespace to be called. One such class, `MojoConvertTool`, crashes the server when invoked with an invalid argument, causing a denial of service.

CVE-2024-5550 h2o vulnerability CVSS: 0 06 Jun 2024, 19:16 UTC

In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead API call, which when requested with a typeahead lookup of '/', exposes the root filesystem including directories such as /home, /usr, /bin, among others. This vulnerability could allow attackers to explore the entire filesystem, and when combined with a Local File Inclusion (LFI) vulnerability, could make exploitation of the server trivial.

CVE-2024-1456 h2o vulnerability CVSS: 0 16 Apr 2024, 00:15 UTC

An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 repository. The issue involves the S3 bucket 'http://s3.amazonaws.com/h2o-training', which was found to be vulnerable to unauthorized takeover.

CVE-2023-6569 h2o vulnerability CVSS: 0 14 Dec 2023, 13:15 UTC

External Control of File Name or Path in h2oai/h2o-3

CVE-2023-6038 h2o vulnerability CVSS: 0 16 Nov 2023, 17:15 UTC

A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. The vulnerability can be exploited by making specific GET or POST requests to the ImportFiles and ParseSetup endpoints, respectively. This issue was identified in version 3.40.0.4 of h2o-3.

CVE-2023-6017 h2o vulnerability CVSS: 0 16 Nov 2023, 17:15 UTC

H2O included a reference to an S3 bucket that no longer existed allowing an attacker to take over the S3 bucket URL.

CVE-2023-6013 h2o vulnerability CVSS: 0 16 Nov 2023, 17:15 UTC

H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack.

CVE-2023-6016 h2o vulnerability CVSS: 0 16 Nov 2023, 16:15 UTC

An attacker is able to gain remote code execution on a server hosting the H2O dashboard through it's POJO model import feature.