Aim@3.22.0 Security Vulnerabilities and Issues — Aim@3.22.0 CVE List

Lucene search

AimstackAim3.22.0

3 matches found

CVE•added 2025/03/20 10:15 a.m.•35 views

CVE-2024-8238

In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr() function from RestrictedPython. This version does not protect against the str.format_map() method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execu...

8.1CVSS7.4AI score0.00097EPSS

CVE•added 2025/03/20 10:15 a.m.•33 views

CVE-2024-6851

In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted glo...

7.5CVSS7.5AI score0.00232EPSS

CVE•added 2025/03/20 10:15 a.m.•29 views

CVE-2024-7760

aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...

9.6CVSS8.1AI score0.00062EPSS