CVE-2024-8616

HIGH8.2EPSS 0.24%

H2O Vulnerable to Arbitrary File Overwrite

Published: 3/20/2025Modified: 3/20/2025

Description

In h2oai/h2o-3 version 3.46.0, the `/99/Models/{name}/json` endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the `exportModelDetails` function in `ModelsHandler.java`, where the user-controllable `mexport.dir` parameter is used to specify the file path for writing model details. This can lead to overwriting files at arbitrary locations on the host system.

Affected packages (2)

Maven/ai.h2o:h2o-core>= 3.10.4.1, <= 3.46.0
PyPI/h2o>= 3.10.4.1, <= 3.46.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.2	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-8616
PATCHhttps://github.com/h2oai/h2o-3
WEBhttps://github.com/h2oai/h2o-3/blob/088190f9d0370a02a483fca68d8dc89c996b4f83/h2o-core/src/main/java/water/api/ModelsHandler.java#L310
WEBhttps://huntr.com/bounties/aebf69a5-b9b1-4d2f-a8ff-902c11a8c97a