h2o@3.46.0.11
H2O, Fast Scalable Machine Learning, for python
latest version
3.46.0.11
first published
8 years ago
latest version published
1 months ago
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the h2o package. This does not include vulnerabilities belonging to this package’s dependencies.
Fix vulnerabilities automatically
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the pre-auth logic that enables an attacker to activate the default-disabled POJO import feature. The attacker can then upload and import a malicious Java POJO leading to execution of arbitrary code by the server. How to fix Incorrect Privilege Assignment? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Information Exposure through the Typeahead API call. An attacker can view full paths in the entire file system where the application is hosted by requesting a typeahead lookup of '/'. When combined with a Local File Inclusion (LFI) vulnerability, this vulnerability could lead to the exploitation of the server. How to fix Information Exposure? There is no fixed version for | [0,) |