CVE-2024-6854: H2O Vulnerable to Arbitrary File Overwrite via File Export

March 20, 2025

In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server’s file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the target server with a trained model file, although the content of the overwrite is not controllable by the attacker.

References

github.com/advisories/GHSA-47f6-5p7h-5f3h
github.com/h2oai/h2o-3
github.com/h2oai/h2o-3/blob/a20b5b19b769866ee24b217ee78b820e64c1cd6a/h2o-core/src/main/java/hex/Model.java
huntr.com/bounties/97d013f9-ac51-4c80-8dd7-8dfde11f33b2
nvd.nist.gov/vuln/detail/CVE-2024-6854

Detect and mitigate CVE-2024-6854 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →