To report a possible security vulnerability, please email email@example.com
8/10/23 – H2O-3 Incident Communication for INC-4782
Dear valued customers,
H2O-3 is an open source product provided by H2O.ai - the source code is hosted in GitHub https://github.com/h2oai/h2o-3 and H2O.ai provides enterprise support to help customers with installation, deployment, security, and machine learning problems. Considering our community of users of H2O-3, the default configuration focuses on easy installation and use without any major obstacles. However, we also publish Security guidelines for end-users who would like to secure their open source installations.
Based on findings in the article published in https://mlsecops.com/resources/hacking-ai-h2o-exposes-entire-filesystem, we are going to highlight the Security guidelines documentation section and the importance of secure setup. Furthermore, we are going to make necessary changes in the product to simplify the secure setup for open-source users.
H2O.ai Customer Support