An attacker is able to gain remote code execution on a server hosting the H2O dashboard through it's POJO model import feature.
h2o h2o -