H2O.ai H2O-3 Arbitrary File Overwrite Vulnerability in Models JSON Export Endpoint
Vulnerability
A vulnerability in H2O.ai H2O-3 version 3.46.0 allows for arbitrary file overwriting on the server through the '/99/Models/{name}/json' endpoint. The issue originates from the 'exportModelDetails' function in 'ModelsHandler.java', where the user-controlled 'mexport.dir' parameter specifies the file path for exporting model details. This flaw can be exploited to overwrite files at arbitrary locations on the host system.
Impact
Exploitation of this vulnerability leads to arbitrary file overwriting, with the potential to disrupt system operations or overwrite critical files.
Reproduction
To reproduce this vulnerability, upload a CSV file as a dataset and parse it into an H2O frame. After training a model using this data, export the model details to an arbitrary file path specified in the 'mexport.dir' parameter. This will overwrite any file at the target location on the server.
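The root cause described above is a server-side write to a caller-chosen path. The following added example is not H2O-3 code and not the project's fix; it sketches one way a handler could confine an export path to a single directory and refuse to overwrite existing files. The class `SafeExport`, its methods and the export root are hypothetical names.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;

// Hypothetical helper, not H2O-3 code: confines a user-supplied export path
// to one configured directory and never overwrites an existing file.
public class SafeExport {

    static Path resolveExportPath(Path exportRoot, String userPath) throws IOException {
        if (userPath == null || userPath.isEmpty())
            throw new IllegalArgumentException("export path is empty");
        // Canonical root: symlinks in the root itself are resolved once here.
        Path root = exportRoot.toRealPath();
        // resolve() returns userPath unchanged when it is absolute, so the
        // startsWith() check is what rejects absolute and "../" input.
        Path candidate = root.resolve(userPath).normalize();
        if (!candidate.startsWith(root) || candidate.equals(root))
            throw new SecurityException("export path escapes " + root);
        // The parent must already exist; resolve symlinks in it and re-check.
        Path parent = candidate.getParent().toRealPath();
        if (!parent.startsWith(root))
            throw new SecurityException("export path escapes " + root + " via symlink");
        return parent.resolve(candidate.getFileName());
    }

    static void writeExport(Path exportRoot, String userPath, String json) throws IOException {
        Path target = resolveExportPath(exportRoot, userPath);
        // CREATE_NEW fails with FileAlreadyExistsException instead of
        // truncating, and also fails if the final component is a symlink.
        try (OutputStream out = Files.newOutputStream(target,
                StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE)) {
            out.write(json.getBytes(StandardCharsets.UTF_8));
        }
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("export-root"); // constructed sandbox
        writeExport(root, "model.json", "{\"model\":\"demo\"}"); // allowed
        // Constructed inputs: traversal, absolute path, overwrite attempt.
        String[] rejected = {"../outside.json", "/etc/passwd", "model.json"};
        for (String p : rejected) {
            try {
                writeExport(root, p, "{}");
                System.out.println("WROTE    " + p);
            } catch (SecurityException | IOException e) {
                System.out.println("REJECTED " + p + " (" + e.getClass().getSimpleName() + ")");
            }
        }
    }
}
```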
