CVE-2024-8616

HIGH

h2o 3.46.0 - Arbitrary File Overwrite via mexport.dir Parameter

Title source: llm

Description

In h2oai/h2o-3 version 3.46.0, the `/99/Models/{name}/json` endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the `exportModelDetails` function in `ModelsHandler.java`, where the user-controllable `mexport.dir` parameter is used to specify the file path for writing model details. This can lead to overwriting files at arbitrary locations on the host system.

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://huntr.com/bounties/aebf69a5-b9b1-4d2f-a8ff-902c11a8c97a

Scores

CVSS v3 8.2

EPSS 0.0048

EPSS Percentile 37.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-73

Status published

Products (3)

ai.h2o/h2o-core 3.10.4.1Maven

h2o/h2o 3.46.0

pypi/h2o 3.10.4.1PyPI

Published Mar 20, 2025

Tracked Since Feb 18, 2026