CVE-2024-8616

Name of the Vulnerable Software and Affected Versions h2oai/h2o-3 version 3.46.0

Description The issue arises from the /99/Models/{name}/json endpoint, which allows for arbitrary file overwrite on the target server. This is due to the exportModelDetails function in ModelsHandler.java, where the user-controllable mexport.dir parameter is used to specify the file path for writing model details, potentially leading to overwriting files at arbitrary locations on the host system.

Recommendations For version 3.46.0, consider disabling the exportModelDetails function in ModelsHandler.java as a temporary workaround to prevent arbitrary file overwrite until a patch is available. Restrict access to the /99/Models/{name}/json endpoint to minimize the risk of exploitation. Avoid using the mexport.dir parameter in the affected endpoint until the issue is resolved.