{"id":"CVE-2024-8616","details":"In h2oai/h2o-3 version 3.46.0, the `/99/Models/{name}/json` endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the `exportModelDetails` function in `ModelsHandler.java`, where the user-controllable `mexport.dir` parameter is used to specify the file path for writing model details. This can lead to overwriting files at arbitrary locations on the host system.","aliases":["GHSA-g48v-3p35-88jr"],"modified":"2026-03-12T17:26:55.876172Z","published":"2025-03-20T10:15:43.590Z","references":[{"type":"EVIDENCE","url":"https://huntr.com/bounties/aebf69a5-b9b1-4d2f-a8ff-902c11a8c97a"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"3.46.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8616.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}]}