Lucene search
Veracode Vulnerability DatabaseVERACODE:33080HistoryNov 24, 2021 - 5:13 a.m.
Directory Traversal
2021-11-2405:13:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
directory traversal
arbitrary access
file system manipulation
EPSS
0.002
Percentile
57.3%
aim is vulnerable to directory traversal. An attacker can access arbitrary files and directories stored on a file system by manipulating variables that reference files with dot-dot-slash (../) sequences and their variations or by using absolute file paths.
References
github.com/aimhubio/aim/blob/0b99c6ca08e0ba7e7011453a2f68033e9b1d1bce/aim/web/api/views.py#L9-L16
github.com/aimhubio/aim/issues/999
github.com/aimhubio/aim/pull/1003
github.com/aimhubio/aim/pull/1003/commits/f01266a1a479ef11d7d6c539e7dd89e9d5639738
github.com/aimhubio/aim/security/advisories/GHSA-8phj-f9w2-cjcc
Related
cve
cve
CVE-2021-43775
2021-11-23 21:15:20
osv
osv
PYSEC-2021-839
2021-11-23 21:15:00
Arbitrary file reading vulnerability in Aim
2021-11-23 22:03:23
CVE-2021-43775
2021-11-23 21:15:20
cvelist
cvelist
CVE-2021-43775 Arbitrary file reading vulnerability in Aim
2021-11-23 19:15:13
prion
prion
Path traversal
2021-11-23 21:15:00
cnvd
cnvd
Aim path traversal vulnerability
2021-11-25 00:00:00
nvd
nvd
CVE-2021-43775
2021-11-23 21:15:20
github
github
Arbitrary file reading vulnerability in Aim
2021-11-23 22:03:23