In h2oai/h2o-3 version 3.46.0, the `run_tool` command in the `rapids` component allows the `main` function of any class under the `water.tools` namespace to be called. One such class, `MojoConvertTool`, crashes the server when invoked with an invalid argument, causing a denial of service.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-06-27T18:40:07.230Z
Updated: 2024-08-01T21:25:03.168Z
Reserved: 2024-06-13T17:38:41.146Z
Link: CVE-2024-5979
Vulnrichment
Updated: 2024-08-01T21:25:03.168Z
NVD
Status : Awaiting Analysis
Published: 2024-06-27T19:15:18.560
Modified: 2024-06-27T19:25:12.067
Link: CVE-2024-5979
Redhat
No data.