Remote Code Execution via Source POJO Model Import
A vulnerability in H2O-3 version 3.42.0.2 allows attackers to execute arbitrary code by uploading a malicious source POJO model. This issue, which leads to a full compromise of the system running H2O-3, was identified in the process of importing models through the web UI. The specific patch version addressing this vulnerability is not mentioned, indicating the need for users to consult the H2O-3 repository for updates.
Available publicly on Nov 16 2023
Threat Overview
The vulnerability stems from H2O-3's functionality to import models in various formats, including source POJO. An attacker can exploit this by hosting a malicious source POJO model on a web server and then instructing H2O-3 to import this model through its web UI. The malicious code within the POJO is executed, granting the attacker access equivalent to the H2O-3 process's permissions. This can lead to a full system compromise, including theft of models and data.
Attack Scenario
An attacker sets up a web server hosting a malicious source POJO model. They then use the H2O-3 web UI to instruct the system to import this model. The system fetches and compiles the POJO, executing the embedded malicious code. This results in the attacker gaining remote code execution capabilities on the system running H2O-3.
Who is affected
Any system running H2O-3 version 3.42.0.2 without the appropriate patch is vulnerable to this attack. This includes environments where models are imported through the web UI, particularly those with internet access or within a network that an attacker can infiltrate.
Technical Report
Want more out of Sightline?
Sightline offers even more for premium customers
Go Premium
We have - related security advisories that are available with Sightline Premium.