CVE-2024-6960
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Jul 21, 2024
Updated: Aug 1, 2024
CWE ID 502
Summary
CVE-2024-6960 is a deserialization vulnerability in the H2O machine learning platform. The platform uses "Iced" classes to move Java objects around the cluster, and this mechanism allows deserialization of any class without restriction. An attacker can exploit this by constructing a maliciously crafted Iced model containing Java gadgets, which results in arbitrary code execution when the model is imported into the H2O platform. This poses a serious security risk for organizations using the H2O machine learning platform.