CVE-2024-8616 Information
Mar 21, 2025
cve
Description
In h2oai/h2o-3 version 3.46.0, the /99/Models/name/json endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the exportModelDetails function in ModelsHandler.java, where the user-controllable mexport.dir parameter is used to specify the file path for writing model details. This can lead to overwriting files at arbitrary locations on the host system.
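One way to confine a client-supplied export path like the one described above, as an added Java example; it is not h2o-3's code or its fix. `ExportPathGuard`, `resolveInside`, `writeNew`, the export root and the sample inputs are hypothetical names and values constructed here.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;

public class ExportPathGuard {
    // Map a client-supplied path onto exportRoot, or throw if it would land elsewhere.
    static Path resolveInside(Path exportRoot, String requested) throws IOException {
        Path root = exportRoot.toRealPath();                  // canonical root, symlinks resolved
        Path candidate = root.resolve(requested).normalize(); // absolute input replaces root; ".." collapsed
        if (candidate.equals(root) || !candidate.startsWith(root)) {
            throw new SecurityException("outside export root: " + requested);
        }
        // The parent must already exist; resolving it catches a symlink inside root that points out.
        Path realParent = candidate.getParent().toRealPath();
        if (!realParent.startsWith(root)) {
            throw new SecurityException("symlink escapes export root: " + requested);
        }
        return realParent.resolve(candidate.getFileName());
    }

    // CREATE_NEW fails if the target exists (including a symlink), so nothing is overwritten.
    static void writeNew(Path target, String json) throws IOException {
        Files.write(target, json.getBytes(StandardCharsets.UTF_8),
                StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE);
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("export-root"); // constructed sandbox directory
        // Constructed sample inputs: one legitimate name, then traversal, absolute, and repeat.
        String[] requests = {"model_details.json", "../outside.json",
                "/tmp/elsewhere/details.json", "model_details.json"};
        for (String r : requests) {
            try {
                writeNew(resolveInside(root, r), "{\"model\":\"example\"}");
                System.out.println("written:  " + r);
            } catch (SecurityException | IOException e) {
                System.out.println("rejected: " + r + " (" + e.getClass().getSimpleName() + ")");
            }
        }
    }
}
```

The containment check and the no-overwrite write are separate controls: the first keeps the write inside the export root, the second prevents replacing a file that is already there.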
Reference
https://huntr.com/bounties/aebf69a5-b9b1-4d2f-a8ff-902c11a8c97a