Approved changes feed: RSS · Atom
cpe:2.3:a:aimhubio:aim:3.0.0:*:*:*:*:*:*:*
part: a version: 3.0.0 update: *
| Vendor | Aimhubio (9426dfad-e771-5a21-89e2-df29d78b9f28) |
|---|---|
| Product | Aim (3a1ef0cd-10a4-5adb-955b-46d922b84542) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-8863 |
vulnerable | 2026-06-08 07:00:25.859857 |
aimhubio aim Text Explorer textbox.tsx dangerouslySetInnerHTML cross site scripting
LOW (3.5)
A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-09-14T23:00:05.339Z
Updated: 2024-09-16T14:13:21.333Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2195 |
vulnerable | 2026-06-08 06:33:30.554385 |
Remote Code Execution in aimhubio/aim
CRITICAL (9.8)
A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the `/api/runs/search/run/` endpoint, affecting versions >= 3.0.0. The vulnerability resides in the `run_search_api` function of the `aim/web/api/runs/views.py` file, where improper restriction of user access to the `RunView` object allows for the execution of arbitrary code via the `query` parameter. This issue enables attackers to execute arbitrary commands on the server, potentially leading to full system compromise.
Published: 2024-04-10T17:08:12.635Z
Updated: 2024-08-01T19:03:39.092Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.