h2o@3.36.0.4 vulnerabilities
H2O, Fast Scalable Machine Learning, for python
-
latest version
3.46.0.6
-
first published
6 years ago
-
latest version published
20 days ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the h2o package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
Affected versions of this package are vulnerable to Denial of Service (DoS) due to missing input size validation when performing numeric type conversions. A remote attacker can exploit this vulnerability by causing the application to deserialize data containing certain numeric types with large values, causing the application to exhaust all available resources. How to fix Denial of Service (DoS)? Upgrade |
[,3.46.0.4)
|
Affected versions of this package are vulnerable to Information Exposure through the Typeahead API call. An attacker can view full paths in the entire file system where the application is hosted by requesting a typeahead lookup of '/'. When combined with a Local File Inclusion (LFI) vulnerability, this vulnerability could lead to the exploitation of the server. How to fix Information Exposure? There is no fixed version for |
[0,)
|