CVE-2024-8616 HIGH

CVE-2024-8616: Arbitrary File Overwrite in h2oai/h2o-3

Vendor H2Oai
Product h2oai/h2o-3
Weakness CWE-73
Published March 20, 2025
Last update March 20, 2025

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity Low
Availability High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

What the vulnerability does

Description

In h2oai/h2o-3 version 3.46.0, the `/99/Models/{name}/json` endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the `exportModelDetails` function in `ModelsHandler.java`, where the user-controllable `mexport.dir` parameter is used to specify the file path for writing model details. This can lead to overwriting files at arbitrary locations on the host system.

Key dates

Disclosure timeline

March 20, 2025 CVE published
March 20, 2025 Record updated