CVE-2023-6569
CVSS 3.1 Score 8.2 of 10 (high)
Details
Published Dec 14, 2023
Updated: Dec 18, 2023
CWE ID 610
CWE ID 73
Summary
CVE-2023-6569 is a newly disclosed vulnerability affecting the h2oai/h2o-3 open-source project. This issue allows an attacker to manipulate file names or paths during data processing, potentially leading to unintended execution of code or unauthorized access to sensitive data. The vulnerability does not involve any authentication bypass or privilege escalation but solely relies on the attacker's ability to craft and submit specially crafted data. Users of h2o-3 are advised to update their installations as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- H2O (software)
Affected Vendors
- H2o
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
Note: This is just a basic overview providing quick insights into CVE-2023-6569 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions