PT-2023-32697 · H2O.Ai · H2O-3

Published 2023-12-14 · Updated 2026-04-16 · CVE-2023-6569

CVSS v3.1: 9.3 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions

h2oai/h2o-3 (affected versions not specified)

Description

The issue allows unauthenticated users to overwrite any file accessible to the user who executes h2o.init(), potentially resulting in a denial of service. Remote unauthenticated attackers can overwrite arbitrary server files with attacker-controllable data, although the data is not entirely arbitrary: when exporting as CSV, the attacker's data is wrapped in quotation marks and starts with "C1".

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2023-6569
GHSA-GQRQ-J6PM-98C2

Affected Products

H2O-3