3 matches found
EUVD-2025-6888
Malicious code in bioql PyPI...
GHSA-75PX-35P4-QQ6H Aim External Control of File Name or Path vulnerability
A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and runhash to bypass directory existence checks and...
VulnCheck KEV: CVE-2024-6396
A vulnerability in the backuprun function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the runhash and repo.path parameters, which can be manipulated...