Vendor
A deserialization vulnerability exists in h2oai's h2o-3 up to version 7402, specifically within the importBinaryModel function of the h2o-core/src/main/java/hex/Model.java file's JAR Handler component, allowing remote exploitation through manipulation.