pkg:Maven/ai.h2o:h2o-core

All known vulnerabilities

• CRITICAL9.8CVE-2025-6544H2O affected by a deserialization vulnerability
  from 0, <= 3.46.0.7
• CRITICAL9.8CVE-2024-10553H2O Deserialization of Untrusted Data Vulnerability
  from 0, < 3.46.0.6
• CRITICAL9.3CVE-2023-6038H2O local file inclusion vulnerability
  from 0, <= 3.40.0.4
• CRITICAL9.1H2O has an External Control of File Name or Path vulnerability
  from 0, <= 3.46.0.1
• CRITICAL9.1H2O.ai H2O vulnerable to deserialization attacks via a JDBC Connection URL
  from 0, <= 3.46.0.7
• HIGH8.2H2O Vulnerable to Arbitrary File Overwrite
  >= 3.10.4.1, <= 3.46.0
• HIGH7.5H2O Vulnerable to Denial of Service (DoS) via `HEAD` Request
  >= 3.2.0.1, <= 3.46.0
• HIGH7.5H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing
  >= 3.32.1.2, <= 3.46.0.2
• HIGH7.5H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint
  from 0, <= 3.46.1
• HIGH7.5H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint
  >= 3.30.0.7, <= 3.46.0.1
• HIGH7.5H2O Vulnerable to Denial of Service (DoS) via `/3/ParseSetup` Endpoint
  >= 3.30.0.7, <= 3.46.0.1
• HIGH7.5H2O vulnerable to Deserialization of Untrusted Data
  from 0, <= 3.46.0.4
• HIGH7.1H2O Vulnerable to Arbitrary File Overwrite via File Export
  >= 3.32.1.1, <= 3.46.0
• MEDIUM6.5H2O Vulnerable to Execution of Arbitrary Files
  >= 3.32.1.2, <= 3.46.0
• MEDIUM5.9H2O-3 is Vulnerable to Code Injection
  from 0, < 3.46.0.10