Lucene search
K
AimstackAim

4 matches found

CVE
CVE
added 2024/04/10 5:8 p.m.107 views

CVE-2024-2196

The aimhubio/aim Cross-Site Request Forgery (CSRF) vulnerability is caused by missing CSRF and CORS protections in the aim dashboard. An attacker can lure a logged-in user into issuing unauthorized requests, enabling actions such as deleting runs, updating data, and exfiltrating log records or no...

8.8CVSS8.6AI score0.00587EPSS
CVE
CVE
added 2021/11/23 7:15 p.m.93 views

CVE-2021-43775

CVE-2021-43775 affects the Aim open‑source, self‑hosted machine learning experiment tracker. Public records describe a path traversal vulnerability in versions prior to 3.1.0, exploitable by manipulating references to files using dot-dot-slash sequences or absolute paths to access arbitrary files...

8.6CVSS8.5AI score0.01846EPSS
CVE
CVE
added 2025/03/20 10:11 a.m.59 views

CVE-2024-8238

CVE-2024-8238 affects aimhubio/aim v3.22.0 where AimQL uses an outdated safer_getattr() from RestrictedPython, failing to block str.format_map() and allowing access to arbitrary Python attributes (e.g., os.environ) and potential unrestricted code execution if a malicious .dll/.so is loaded. Multi...

8.1CVSS7.4AI score0.00702EPSS
CVE
CVE
added 2025/07/22 12:0 a.m.42 views

CVE-2025-51464

The CVE-2025-51464 entry affects aimhubio Aim version 3.28.0. A cross-site scripting (XSS) vulnerability exists in the /api/reports endpoint where Python code is submitted and interpreted by Pyodide when a report is viewed, allowing execution of arbitrary JavaScript in a victim’s browser via pyod...

8.8CVSS7.1AI score0.006EPSS
Web