Aimhubio Security Vulnerabilities

CVE-2024-2195

A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the /api/runs/search/run/ endpoint, affecting versions >= 3.0.0. The vulnerability resides in the run_search_api function of the aim/web/api/runs/views.py file, where improper...

CVE-2024-2196

aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim...

CVE-2021-43775

Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be.....