4 matches found
llm-toys (=0.1.1), tcbench (>=0.0.20 <=0.0.22) +1 more potentially affected by CVE-2024-6483 via aim (>=3.17.4 <=3.19.3)
aim PYPI version =3.17.4, =0.0.20, =0.1.0, =0.5.6 Source cves: CVE-2024-6483 Source advisory: OSV:GHSA-P6X3-V6G3-7557...
CVE-2024-6483 Arbitrary File/Directory Deletion in aimhubio/aim
A vulnerability in the runs/delete-batch endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not mitigate path traversal when handling user-specified run-names, which are used to specify log/metadata files for deletion...
CVE-2024-6483 Arbitrary File/Directory Deletion in aimhubio/aim
A vulnerability in the runs/delete-batch endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not mitigate path traversal when handling user-specified run-names, which are used to specify log/metadata files for deletion...
CVE-2024-6483
The CVE-2024-6483 entry concerns aimhubio/aim v3.19.3 with a path traversal flaw in the runs/delete-batch endpoint. The issue allows arbitrary file/directory deletion via user-specified run-names, risking denial of service or data loss. Reports from multiple sources (Red Hat, NVD, OSV, GHSA, Snyk...