CVE-2024-6960: H2O vulnerable to Deserialization of Untrusted Data

July 21, 2024 (updated November 25, 2024)

The H2O machine learning platform uses “Iced” classes as the primary means of moving Java Objects around the cluster. The Iced format supports inclusion of serialized Java objects. When a model is deserialized, any class is allowed to be deserialized (no class allowlist). An attacker can construct a crafted Iced model that uses Java gadgets and leads to arbitrary code execution when imported to the H2O platform.

References

github.com/advisories/GHSA-w36w-948j-xhfw
github.com/h2oai/h2o-3
mvnrepository.com/artifact/ai.h2o/h2o-core
nvd.nist.gov/vuln/detail/CVE-2024-6960
research.jfrog.com/vulnerabilities/h2o-model-deserialization-rce-jfsa-2024-001035518

Code Behaviors & Features

Detect and mitigate CVE-2024-6960 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →