CVE-2024-8062
HIGHDescription
A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a `HEAD` request to verify the existence of a specified resource without setting a timeout. An attacker can exploit this by sending multiple requests to an attacker-controlled server that hangs, causing the application to block and become unresponsive to other requests.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| h2o | h2o |
References
Frequently Asked Questions
What is CVE-2024-8062? +
How severe is CVE-2024-8062? +
What products are affected by CVE-2024-8062? +
How do I check if I'm vulnerable to CVE-2024-8062? +
Related Vulnerabilities
In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the …
A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service through the misuse of the sshfs-client. The tracking …
Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled …
A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of …
A deserialization vulnerability exists in h2oai/h2o-3 versions <= 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. …
H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command …