cvedb.io
CVE-2024-7768
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2025-03-20T10:15:37.133 · Last modified 2026-06-17T08:20:53.143

Summary

A vulnerability in the `/3/ImportFiles` endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, `path`, which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually filling up the request queue and leaving the server unable to handle other requests.

Affected products

h2o — h2o

Does this affect you?

Add your gear to cvedb and we'll alert you only when h2o ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.