CVE-2024-6854

In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the target server with a trained model file, although the content of the overwrite is not controllable by the attacker.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/97d013f9-ac51-4c80-8dd7-8dfde11f33b2	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:h2o:h2o:3.46.0:*:*:*:*:*:*:*

History

15 Jul 2025, 15:55

Type	Values Removed	Values Added
CPE		cpe:2.3:a:h2o:h2o:3.46.0:::::::*
First Time		H2o h2o H2o
References	~~() https://huntr.com/bounties/97d013f9-ac51-4c80-8dd7-8dfde11f33b2 -~~	() https://huntr.com/bounties/97d013f9-ac51-4c80-8dd7-8dfde11f33b2 - Exploit, Third Party Advisory
Summary		(es) En la versión 3.46.0 de h2oai/h2o-3, el endpoint para exportar modelos no restringe la ubicación de exportación, lo que permite a un atacante exportar un modelo a cualquier archivo de la estructura de archivos del servidor y, por lo tanto, sobrescribirlo. Esta vulnerabilidad puede explotarse para sobrescribir cualquier archivo del servidor objetivo con un archivo de modelo entrenado, aunque el contenido de la sobrescritura no esté bajo el control del atacante.

20 Mar 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-20 10:15

Updated : 2025-07-15 15:55

NVD link : CVE-2024-6854

Mitre link : CVE-2024-6854

CVE.ORG link : CVE-2024-6854

JSON object : View

Products Affected

h2o

CWE

CWE-36

Absolute Path Traversal

7.1 /10