CVE-2024-6960

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-502
View all →

Vulnerability Description

The H2O machine learning platform uses "Iced" classes as the primary means of moving Java Objects around the cluster. The Iced format supports inclusion of serialized Java objects. When a model is deserialized, any class is allowed to be deserialized (no class whitelist). An attacker can construct a crafted Iced model that uses Java gadgets and leads to arbitrary code execution when imported to the H2O platform.

Related Vulnerabilities

CVE-2016-4483

HIGH
CVSS:7.5(High)

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute ...

CWE-5022016

CVE-2017-1000195

HIGH
CVSS:7.5(High)

October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server.

CWE-5022017

CVE-2017-15693

HIGH
CVSS:7.5(High)

In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:W...

CWE-5022017

CVE-2017-8804

HIGH
CVSS:7.5(High)

The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual ...

CWE-5022017

CVE-2017-9844

HIGH
CVSS:7.5(High)

SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP S...

CWE-5022017

CVE-2018-0824

HIGH
CVSS:7.5(High)

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." Th...

CWE-5022018