Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2024-10553

CVE-2024-10553: H2O REST API RCE Vulnerability

CVE-2024-10553 is a remote code execution vulnerability in H2O REST API that allows unauthenticated attackers to execute arbitrary code via deserialization. This article covers technical details, affected versions, and mitigations.

Updated:

CVE-2024-10553 Overview

CVE-2024-10553 is an insecure deserialization vulnerability [CWE-502] in the h2oai/h2o-3 REST API version 3.46.0.4. Unauthenticated remote attackers can execute arbitrary code by submitting crafted requests to the POST /99/ImportSQLTable and POST /3/SaveToHiveTable endpoints. User-controlled Java Database Connectivity (JDBC) URLs are passed directly to DriverManager.getConnection, triggering deserialization of attacker-controlled data when a MySQL or PostgreSQL driver is present on the classpath. The issue is fixed in h2o-3 version 3.47.0.

Critical Impact

Unauthenticated network attackers can achieve remote code execution on h2o-3 servers exposed to untrusted clients, fully compromising the host running the machine learning platform.

Affected Products

  • h2oai/h2o-3 version 3.46.0.4
  • Deployments with MySQL JDBC driver on the classpath
  • Deployments with PostgreSQL JDBC driver on the classpath

Discovery Timeline

  • 2025-03-20 - CVE-2024-10553 published to the National Vulnerability Database (NVD)
  • 2025-07-14 - Last updated in NVD database

Technical Details for CVE-2024-10553

Vulnerability Analysis

The h2o-3 platform exposes REST endpoints that ingest data from external SQL databases. The POST /99/ImportSQLTable and POST /3/SaveToHiveTable endpoints accept a JDBC connection URL from the request body without validation. The server passes this URL to java.sql.DriverManager.getConnection, which selects a driver based on the URL scheme.

MySQL and PostgreSQL JDBC drivers support connection parameters that instruct the driver to deserialize objects returned by the server during the handshake. An attacker who controls the JDBC URL can point the connection to an attacker-operated database server. That server returns a malicious serialized Java object, which the driver deserializes inside the h2o-3 process.

When combined with gadget chains present in common Java libraries, deserialization leads to arbitrary code execution in the context of the h2o-3 service. No authentication is required because the affected endpoints are accessible to any network client.

Root Cause

The root cause is missing validation of the JDBC URL parameter before passing it to DriverManager.getConnection in h2o-core/src/main/java/water/jdbc/SQLManager.java. The application trusted user-supplied connection strings, allowing attacker-controlled hosts and driver-specific parameters such as MySQL's autoDeserialize=true or PostgreSQL's socketFactory to be set freely.

Attack Vector

The attack vector is network-based and unauthenticated. An attacker sends an HTTP POST request to a vulnerable h2o-3 instance specifying a JDBC URL that points to a malicious database server under their control. When the h2o-3 server initiates the JDBC connection, the malicious server returns a crafted response that triggers Java object deserialization, executing the attacker's gadget chain.

java
// Patch context: imports added to SQLManager.java for URL parsing and validation
import water.parser.ParseDataset;
import water.util.Log;

import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.sql.*;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.atomic.AtomicLong;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;

public class SQLManager {
    // GH-16425 added JDBC parameter validation prior to DriverManager.getConnection
}

Source: h2o-3 commit ac1d642b4d86f10a02d75974055baf2a4b2025ac

Detection Methods for CVE-2024-10553

Indicators of Compromise

  • HTTP POST requests to /99/ImportSQLTable or /3/SaveToHiveTable from unexpected source addresses
  • JDBC connection strings in request bodies containing autoDeserialize=true, queryInterceptors, statementInterceptors, or socketFactory parameters
  • Outbound TCP connections from the h2o-3 Java Virtual Machine (JVM) to external hosts on ports 3306 (MySQL) or 5432 (PostgreSQL)
  • Child processes spawned by the h2o-3 JVM, particularly shells, curl, or wget

Detection Strategies

  • Inspect web server and reverse proxy logs for POST requests to the two affected endpoints and alert when the JDBC URL points to non-allowlisted hosts
  • Monitor JVM process behavior for unexpected child processes or network egress, indicating gadget chain execution
  • Correlate inbound API requests with outbound database connection attempts to detect SSRF-style abuse of the JDBC client

Monitoring Recommendations

  • Centralize h2o-3 application logs and capture the full request URI and source IP for all /3/ and /99/ API calls
  • Enable JVM audit logging or Java Flight Recorder to capture ObjectInputStream.readObject calls during JDBC operations
  • Track the version of h2o-3 deployed across the environment to confirm all instances run 3.47.0 or later

How to Mitigate CVE-2024-10553

Immediate Actions Required

  • Upgrade h2o-3 to version 3.47.0 or later on all servers running version 3.46.0.4
  • Restrict network access to the h2o-3 REST API so that only trusted clients on internal networks can reach it
  • Audit the classpath and remove the MySQL and PostgreSQL JDBC drivers if SQL import functionality is not required

Patch Information

The vendor fix was committed in h2o-3 commit ac1d642b4d86f10a02d75974055baf2a4b2025ac, referenced as GH-16425 "Add JDBC parameter validation". The patch is shipped in h2o-3 release 3.47.0. See the Huntr bug bounty listing for additional context.

Workarounds

  • Block external access to the /99/ImportSQLTable and /3/SaveToHiveTable endpoints at the reverse proxy or web application firewall layer
  • Enforce an allowlist of permitted JDBC host and port combinations through network egress rules from the h2o-3 server
  • Run h2o-3 under a dedicated unprivileged service account with no outbound internet access to limit post-exploitation impact
bash
# Example nginx snippet to block the vulnerable endpoints at the proxy until patching completes
location ~ ^/(99/ImportSQLTable|3/SaveToHiveTable)$ {
    return 403;
}

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.