CVE-2023-6569

CVSS 3.1 Score 8.2 of 10 (high)

Details

Published Dec 14, 2023
Updated: Dec 18, 2023
CWE ID 610
CWE ID 73

Summary

CVE-2023-6569 is a newly disclosed vulnerability affecting the h2oai/h2o-3 open-source project. This issue allows an attacker to manipulate file names or paths during data processing, potentially leading to unintended execution of code or unauthorized access to sensitive data. The vulnerability does not involve any authentication bypass or privilege escalation but solely relies on the attacker's ability to craft and submit specially crafted data. Users of h2o-3 are advised to update their installations as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share