Severity: High

Project: h2o-3

Denial of Service and Arbitrary File Write via XGBoostLibExtractTool

A vulnerability in version 3.46.0.1 of h2o-3 allows attackers to cause a denial of service and to write large files to arbitrary directories by invoking the XGBoostLibExtractTool. The issue was patched in a subsequent release.

Available publicly on Dec 20 2024

CVSS score: 7.5

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Credit: patrik-ha

Remediation Steps
  1. Update to the latest version of the software where the vulnerability has been patched.
  2. Ensure that the run_tool command is properly secured and does not expose sensitive classes.
  3. Implement additional validation and access controls to prevent unauthorized use of the run_tool command.
Patch Details
  • Fixed Version: N/A
  • Patch Commit: N/A