Please report (suspected) security vulnerabilities to support@h2o.ai. You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.
We located these vulnerabilites from our security scans. The following list shows the vulnerabilities and the libraries they were found in:
- CVE-2024-9143:
libcrypto3,libssl3 - CVE-2021-22569:
com.google.protobuf:protobuf-java (main-3.46.0.jar),com.google.protobuf:protobuf-java (main.jar) - CVE-2021-22570:
com.google.protobuf:protobuf-java (main-3.46.0.jar),com.google.protobuf:protobuf-java (main.jar) - CVE-2022-3509:
com.google.protobuf:protobuf-java (main-3.46.0.jar),com.google.protobuf:protobuf-java (main.jar) - CVE-2022-3510:
com.google.protobuf:protobuf-java (main-3.46.0.jar),com.google.protobuf:protobuf-java (main.jar) - CVE-2024-7254:
com.google.protobuf:protobuf-java (main-3.46.0.jar),com.google.protobuf:protobuf-java (main.jar) - CVE-2022-3171:
com.google.protobuf:protobuf-java (main-3.46.0.jar),com.google.protobuf:protobuf-java (main.jar) - CVE-2024-23454:
org.apache.hadoop:hadoop-common (main-3.46.0.jar),org.apache.hadoop:hadoop-common (main.jar) - CVE-2024-6763:
org.eclipse.jetty:jetty-http (main-3.46.0.jar),org.eclipse.jetty:jetty-http (main.jar) - CVE-2024-8184:
org.eclipse.jetty:jetty-http (main-3.46.0.jar),org.eclipse.jetty:jetty-http (main.jar) - CVE-2024-9823:
org.eclipse.jetty:jetty-http (main-3.46.0.jar),org.eclipse.jetty:jetty-http (main.jar) - CVE-2024-23454:
org.apache.hadoop:hadoop-common (steam-3.46.0.jar),org.apache.hadoop:hadoop-common (steam.jar) - CVE-2024-6763:
org.eclipse.jetty:jetty-http (steam-3.46.0.jar),org.eclipse.jetty:jetty-http (steam.jar) - CVE-2024-8184:
org.eclipse.jetty:jetty-http (steam-3.46.0.jar),org.eclipse.jetty:jetty-http (steam.jar)