Security Advisory

CVE-2024-5979

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-06-27 18:40:07

Last updated 2025-10-15 12:49:44

Assigner @huntr_ai

State PUBLISHED

Description

In h2oai/h2o-3 version 3.46.0, the `run_tool` command in the `rapids` component allows the `main` function of any class under the `water.tools` namespace to be called. One such class, `MojoConvertTool`, crashes the server when invoked with an invalid argument, causing a denial of service.

← Browse all CVEs View on cve.org ↗