H2O-3 3.46.0 arbitrary file overwrite via /99/Models endpoint
CVE-2024-8616 Published on March 20, 2025
Arbitrary File Overwrite in h2oai/h2o-3
In h2oai/h2o-3 version 3.46.0, the `/99/Models/{name}/json` endpoint allows arbitrary file overwrite on the server. The flaw is in the `exportModelDetails` function in `ModelsHandler.java`: the user-controllable `mexport.dir` parameter is used as the directory to which the model details are written, without being confined to an allowed location. A caller who can reach the REST API can therefore point the write at any path the H2O process has permission to write, overwriting existing files there.
Weakness Type
External Control of File Name or Path (CWE-73)
The software allows user input to control or influence paths or file names that are used in filesystem operations. Here the input is the `dir` value sent to the endpoint, and the operation is a file write.
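The description and weakness type above both come down to one pattern: a caller-supplied directory is handed straight to a file write. The following is an added example written for this page, not code from h2o-3 or from `ModelsHandler.java`; it shows the weak pattern next to a hardened form that confines the requested directory to an allowed base, rejects absolute paths and traversal, and treats the model name as a plain file name. The function names, the base directory and the sample model details are all constructed for illustration.

```python
# Added example (not h2o-3 code): an export directory taken from the request
# and used unchecked, versus the same parameter confined to an allowed base.
import json
import os
import tempfile
from pathlib import Path


class UnsafeExportPath(ValueError):
    """Raised when a requested export path would leave the allowed base."""


def write_model_details_unsafe(export_dir: str, name: str, details: dict) -> str:
    """Weak pattern: the caller's directory value becomes the output directory
    verbatim, so '../..' or an absolute path lands anywhere the process can write."""
    target = os.path.join(export_dir, f"{name}.json")
    with open(target, "w", encoding="utf-8") as fh:
        json.dump(details, fh)
    return target


def _inside(path: Path, base: Path) -> bool:
    """True if the fully resolved path sits under the resolved base."""
    try:
        path.resolve().relative_to(base.resolve())
        return True
    except ValueError:
        return False


def resolve_export_path(base_dir: str, export_dir: str, name: str) -> Path:
    """Hardened form: build the target under base_dir, resolve it (following any
    symlinks an attacker may have planted) and refuse anything outside base_dir."""
    base = Path(base_dir).resolve()
    if Path(export_dir).is_absolute():
        raise UnsafeExportPath("absolute export directory not allowed")
    # The model name must be a single path component: no separators, no '.' or '..'.
    if name != os.path.basename(name) or name in ("", ".", ".."):
        raise UnsafeExportPath("model name must be a plain file name")
    target = (base / export_dir / f"{name}.json").resolve()
    if not _inside(target, base):
        raise UnsafeExportPath(f"export path {target} escapes {base}")
    return target


def is_export_path_allowed(base_dir: str, export_dir: str, name: str) -> bool:
    """Boolean wrapper around resolve_export_path for callers that just need a verdict."""
    try:
        resolve_export_path(base_dir, export_dir, name)
        return True
    except UnsafeExportPath:
        return False


def write_model_details_safe(base_dir: str, export_dir: str, name: str, details: dict) -> str:
    """Write only after the containment check has passed."""
    target = resolve_export_path(base_dir, export_dir, name)
    target.parent.mkdir(parents=True, exist_ok=True)
    with open(target, "w", encoding="utf-8") as fh:
        json.dump(details, fh)
    return str(target)


def demo() -> dict:
    """Run both variants in a scratch directory and report where each one wrote."""
    with tempfile.TemporaryDirectory() as scratch:
        base = os.path.join(scratch, "exports")
        outside = os.path.join(scratch, "outside")  # a sibling the export must never touch
        os.makedirs(base)
        os.makedirs(outside)
        details = {"model_id": "gbm_demo", "algo": "gbm"}  # constructed sample details
        hostile_dir = os.path.join("..", "outside")  # attacker-style value: climb out of base

        unsafe_target = write_model_details_unsafe(os.path.join(base, hostile_dir), "gbm_demo", details)
        escaped = not _inside(Path(unsafe_target), Path(base))

        try:
            write_model_details_safe(base, hostile_dir, "gbm_demo", details)
            blocked = False
        except UnsafeExportPath:
            blocked = True

        safe_target = write_model_details_safe(base, os.path.join("runs", "2025"), "gbm_demo", details)
        with open(safe_target, encoding="utf-8") as fh:
            roundtrip = json.load(fh)

        return {
            "unsafe_escaped_base": escaped,
            "safe_blocked_escape": blocked,
            "safe_inside_base": _inside(Path(safe_target), Path(base)),
            "roundtrip_ok": roundtrip == details,
        }


if __name__ == "__main__":
    print(demo())
```

The check resolves the final path before comparing it with the base so that symlinks already present under the export directory cannot be used to redirect the write; a prefix comparison on the unresolved string would miss that case. Restricting the model name to a single path component closes the second input that reaches the file name.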
Products Associated with CVE-2024-8616
Affected Versions
h2oai/h2o-3: the advisory lists no fixed version and no upper bound, so every release up to the latest is treated as affected; version 3.46.0 is the one named in the description.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.