Back to directory

WRITEUP #1896

Multiple vulnerabilities in H2O ≤ 3.32.1.3

DeserializationInsecure deserializationRCEArbitrary file readSecurity code review

by@loadlow(Clément Amic)

Program

H2O

Published

Nov 23, 2022

Added to HackDex

Nov 30, 2022

Read Full Writeuphttps://www.synacktiv.com/sites/default/files/2022-11/h2o_multiple_vulnerabilities.pdf

▸ RELATED WRITEUPS

Attacking PowerShell CLIXML Deserialization

DeserializationInsecure deserialization

Getting code execution on Veeam through CVE-2023-27532

RCEInsecure deserialization

Studying 0days: How we hacked Anki, the world's most popular flashcard app

RCEComponents with known vulnerabilities

We hacked Anki - 0 day exploit from studying someone elses flashcards

RCEComponents with known vulnerabilities

Spip Preauth RCE 2024: Part 2, A Big Upload

Built with ❤️ by Shubham Rawat