CVE-2024-6960

The H2O machine learning platform uses "Iced" classes as the primary means of moving Java Objects around the cluster. The Iced format supports inclusion of serialized Java objects. When a model is deserialized, any class is allowed to be deserialized (no class whitelist). An attacker can construct a crafted Iced model that uses Java gadgets and leads to arbitrary code execution when imported to the H2O platform.

Published: Jul 21, 2024
Updated: May 4, 2025
CVE: CVE-2024-6960
GHSA: GHSA-w36w-948j-xhfw
Severity: High
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-502

OWASP TOP 10:

A8 - Insecure Deserialization

Affected Software
References

Software	From	Fixed in
ai.h2o / h2o-core	-	3.46.0.4.x

https://mvnrepository.com/artifact/ai.h2o/h2o-core
https://research.jfrog.com/vulnerabilities/h2o-model-deserialization-rce-jfsa-2024-001035518
https://research.jfrog.com/vulnerabilities/h2o-model-deserialization-rce-jfsa-2024-001035518/

Vulnerability Database

289,599

CVE-2024-6960