cpe:2.3:a:aimhubio:aim:3.19.3:*:*:*:*:*:*:*
part: a version: 3.19.3 update: *
| Vendor | Aimhubio (9426dfad-e771-5a21-89e2-df29d78b9f28) |
|---|---|
| Product | Aim (3a1ef0cd-10a4-5adb-955b-46d922b84542) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2024-6578 | vulnerable | 2026-06-08 06:58:19.928356 | Stored XSS in aimhubio/aim. HIGH (7.2). A stored cross-site scripting (XSS) vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed using the `dangerouslySetInnerHTML` function in React, which is susceptible to XSS attacks. An attacker can exploit this vulnerability by injecting malicious scripts into the logs, which will be executed when a user views the logs-tab. Published: 2024-07-29T18:37:16.820Z. Updated: 2024-08-01T21:41:03.725Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-6396 | vulnerable | 2026-06-08 06:58:19.333039 | Arbitrary File Overwrite and Data Exfiltration in aimhubio/aim. CRITICAL (9.8). A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution. Published: 2024-07-12T00:00:14.599Z. Updated: 2024-08-01T21:41:03.285Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-6227 | vulnerable | 2026-06-08 06:58:18.294396 | Infinite Loop in aimhubio/aim. HIGH (7.5). A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections. Published: 2024-07-08T19:06:31.579Z. Updated: 2024-08-30T15:25:02.656Z. | Imported from gcve-enriched-dumps CVE data |