exploitDog

CVE-2024-8616

Опубликовано: 20 мар. 2025

Источник: nvd

CVSS3: 8.2

EPSS Низкий

Описание

In h2oai/h2o-3 version 3.46.0, the /99/Models/{name}/json endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the exportModelDetails function in ModelsHandler.java, where the user-controllable mexport.dir parameter is used to specify the file path for writing model details. This can lead to overwriting files at arbitrary locations on the host system.

Ссылки

https://huntr.com/bounties/aebf69a5-b9b1-4d2f-a8ff-902c11a8c97a
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:h2o:h2o:3.46.0:*:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00143

Низкий

8.2 High

CVSS3

Дефекты

CWE-73

Связанные уязвимости

GHSA-g48v-3p35-88jr

CVSS3: 8.2

github

11 месяцев назад

H2O Vulnerable to Arbitrary File Overwrite

EPSS

Процентиль: 35%

0.00143

Низкий

8.2 High

CVSS3

Дефекты

CWE-73