Aimstack Aim 3.19.3 for Python
cpe:2.3:a:aimstack:aim:3.19.3:*:*:*:*:python:*:*
part: a version: 3.19.3 update: *
| Vendor | Aimstack (886a7568-eb42-5ce4-86a3-4dd539834f04) |
|---|---|
| Product | Aim (a8a21397-1046-5603-af83-2b9493054697) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | python |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:github/aimhubio/aim | purl2cpe | 2026-06-01 10:11:46.072187 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2024-6829 | vulnerable | 2026-06-08 06:58:20.551519 | Arbitrary File Overwrite through tarfile-extraction in aimhubio/aim<br>CRITICAL (9.1)<br>A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the `tarfile.extractall()` function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control `repo.path` and `run_hash` to bypass directory existence checks and extract files to unintended locations, potentially overwriting critical files. This can lead to arbitrary data being written to arbitrary locations on the remote tracking server, which could be used for further attacks such as writing a new SSH key to the target server.<br>Published: 2025-03-20T10:10:50.251Z<br>Updated: 2025-03-20T18:15:48.518Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-6483 | vulnerable | 2026-06-08 06:58:19.569288 | Arbitrary File/Directory Deletion in aimhubio/aim<br>MEDIUM (5.3)<br>A vulnerability in the `runs/delete-batch` endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not mitigate path traversal when handling user-specified run-names, which are used to specify log/metadata files for deletion. This can be exploited to delete arbitrary files or directories, potentially causing denial of service or data loss.<br>Published: 2025-03-20T10:09:36.384Z<br>Updated: 2025-03-20T18:37:01.937Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-6396 | vulnerable | 2026-06-08 06:58:19.335329 | Arbitrary File Overwrite and Data Exfiltration in aimhubio/aim<br>CRITICAL (9.8)<br>A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution.<br>Published: 2024-07-12T00:00:14.599Z<br>Updated: 2024-08-01T21:41:03.285Z | Imported from gcve-enriched-dumps CVE data |