| Field | Value |
|---|---|
| Title | h2oai h2o-3 3.46.0.4 Unauthenticated Remote Code Execution via Unrestricted JDBC |
| Description | Because H2O uses a method named getConnectionSafe, it appears the intention was to establish a secure connection. In practice, however, no restrictions are placed on the JDBC connection settings, allowing attackers to arbitrarily set the JDBC URL. This can lead to deserialization attacks, file reads, command execution, and other risks on the victim's server. |
| Source | https://rumbling-slice-eb0.notion.site/Unauthenticated-Remote-Command-Execution-via-Panda-df-query-9dc40f0477ee4b65806de7921876c222?pvs=4 |
| User | aftersnow (UID 71336) |
| Submission | 09/05/2024 14:20 (2 years ago) |
| Moderation | 09/14/2024 07:34 (9 days later) |
| Status | Accepted |
| VulDB entry | 277499 [h2oai h2o-3 3.46.0.4 JDBC Connection /dtale/chart-data/1 getConnectionSafe Query deserialization] |
| Points | 15 |