CVE-2024-8862 | h2oai h2o-3 3.46.0.4 JDBC Connection /dtale/chart-data/1 getConnectionSafe query deserialization

A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query leads to deserialization.

The identification of this vulnerability is CVE-2024-8862. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-8862 | h2oai h2o-3 3.46.0.4 JDBC Connection /dtale/chart-data/1 getConnectionSafe query deserialization

Related Posts

CVE-2022-45349 | Muffingroup Betheme Plugin up to 26.6.1 on WordPress authorization

CVE-2023-49292 | ecies go 2.0.8 Encapsulate/Decapsulate/ECDH information disclosure (GHSA-8j98-cjfr-qx3h)

CVE-2023-6707 | Google Chrome prior 120.0.6099.109 CSS use after free

CVE-2023-25644 | ZTE MC801A/MC801A1 Web Interface exceptional condition