CVE-2024-6854

Published: Mar 20, 2025

Modified: Mar 20, 2025

PUBLISHED

CVSS v3.0

7.1

HIGH

Description

In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the target server with a trained model file, although the content of the overwrite is not controllable by the attacker.

Vendor	Product	Versions
h2oai	h2oai/h2o-3	affected `unspecified - <= latest`

Weaknesses (CWE)

CWE-36

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

References

https://huntr.com/bounties/97d013f9-ac51-4c80-8dd7-8dfde11f33b2

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-6854

Description

Affected Products

Weaknesses (CWE)

CVSS v3.0 Details

References