Approved changes feed: RSS · Atom
cpe:2.3:a:aimstack:aim:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Aimstack (886a7568-eb42-5ce4-86a3-4dd539834f04) |
|---|---|
| Product | Aim (a8a21397-1046-5603-af83-2b9493054697) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/aimhubio/aim |
purl2cpe | 2026-06-01 10:11:46.072001 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-8863 |
vulnerable | 2026-06-08 07:00:25.860815 |
aimhubio aim Text Explorer textbox.tsx dangerouslySetInnerHTML cross site scripting
LOW (3.5)
A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-09-14T23:00:05.339Z
Updated: 2024-09-16T14:13:21.333Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8769 |
vulnerable | 2026-06-08 07:00:25.685989 |
Arbitrary File Deletion via Relative Path Traversal in aimhubio/aim
CRITICAL (9.1)
A vulnerability in the `LockManager.release_locks` function in aimhubio/aim (commit bb76afe) allows for arbitrary file deletion through relative path traversal. The `run_hash` parameter, which is user-controllable, is concatenated without normalization as part of a path used to specify file deletion. This vulnerability is exposed through the `Repo._close_run()` method, which is accessible via the tracking server instruction API. As a result, an attacker can exploit this to delete any arbitrary file on the machine running the tracking server.
Published: 2025-03-20T10:11:22.123Z
Updated: 2025-10-15T12:50:42.461Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.