CVE-2024-2195
CVE-2024-2195 affects aimhubio/aim (versions ≥ 3.0.0). The issue is in the REST endpoint “/api/runs/search/run/” where the run_search_api in aim/web/api/runs/views.py fails to properly restrict access to the RunView object, allowing arbitrary code execution via the query parameter. Impact is high...