CVE-2023-6569
CVSS 3.1 Score 8.2 of 10 (high)
Details
Published Dec 14, 2023
Updated: Dec 18, 2023
CWE ID 610
CWE ID 73
Summary
CVE-2023-6569 is a newly disclosed vulnerability affecting the h2oai/h2o-3 open-source project. This issue allows an attacker to manipulate file names or paths during data processing, potentially leading to unintended execution of code or unauthorized access to sensitive data. The vulnerability does not involve any authentication bypass or privilege escalation but solely relies on the attacker's ability to craft and submit specially crafted data. Users of h2o-3 are advised to update their installations as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- H2O (software)
Affected Vendors
- H2o