Lucene search
K

4 matches found

NVD
NVD
added 2025/03/20 10:15 a.m.6 views

CVE-2024-6483

A vulnerability in the runs/delete-batch endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not mitigate path traversal when handling user-specified run-names, which are used to specify log/metadata files for deletion...

5.3CVSS0.00814EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:10 a.m.56 views

CVE-2024-6829

CVE-2024-6829 affects aimhubio/aim 3.19.3. The vulnerability arises in tarfile.extractall(), allowing an attacker-controlled tarfile to be extracted to arbitrary locations on the host by manipulating repo.path and run_hash. This bypasses directory existence checks and can result in arbitrary file...

9.1CVSS7.1AI score0.0081EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/07/29 9:30 p.m.17 views

GHSA-P9F2-JG9W-CX69 Aim Stored Cross-site Scripting Vulnerability

A stored cross-site scripting XSS vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed using the dangerouslySetInnerHTML...

6.1CVSS5.8AI score0.00282EPSS
Exploits1References3
CVE
CVE
added 2024/07/29 6:37 p.m.57 views

CVE-2024-6578

Stored XSS in aimhubio/aim 3.19.3 affects the logs-tab rendering, where logs are output with React dangerouslySetInnerHTML, allowing injected scripts to execute when a user views logs. Root cause: improper neutralization of input during web page generation. Impact: potential script execution in a...

7.2CVSS6.4AI score0.00282EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder