4 matches found
Remote Code Execution (RCE)
aim is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper user access restriction to the RunView object, allowing for the execution of arbitrary code via a crafted query parameter to the /api/runs/search/run/ endpoint...
GHSA-MXVW-CJ37-8G2H Aim Web API vulnerable to Remote Code Execution
A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the /api/runs/search/run/ endpoint, affecting versions >= 3.0.0. The vulnerability resides in the run_search_api function of the aim/web/api/runs/views.py file, where improper restricti...
CVE-2024-2195
CVE-2024-2195 affects aimhubio/aim (versions >= 3.0.0). The issue is in the REST endpoint "/api/runs/search/run/" where the run_search_api in aim/web/api/runs/views.py fails to properly restrict access to the RunView object, allowing arbitrary code execution via the query parameter. Impact is high...
CVE-2024-2195 Remote Code Execution in aimhubio/aim
A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the /api/runs/search/run/ endpoint, affecting versions >= 3.0.0. The vulnerability resides in the run_search_api function of the aim/web/api/runs/views.py file, where improper restricti...