{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T11:49:52.554","vulnerabilities":[{"cve":{"id":"CVE-2024-7768","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:37.133","lastModified":"2025-10-15T13:15:52.797","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the `/3/ImportFiles` endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, `path`, which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually filling up the request queue and leaving the server unable to handle other requests."},{"lang":"es","value":"Una vulnerabilidad en el endpoint `/3/ImportFiles` de h2oai/h2o-3 versión 3.46.1 permite a un atacante provocar una denegación de servicio. El endpoint utiliza un único parámetro GET, `path`, que puede configurarse recursivamente para que se autoreferencia. Esto provoca que el servidor llame repetidamente a su propio endpoint, lo que acaba saturando la cola de solicitudes y dejando al servidor incapacitado para gestionar otras solicitudes."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:h2o:h2o:3.46.1:*:*:*:*:*:*:*","matchCriteriaId":"586854EB-3FFB-4887-9E51-2CE97CCE8B53"}]}]}],"references":[{"url":"https://huntr.com/bounties/3fe640df-bef4-4072-8890-0d12bc2818f6","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]}]}}]}