CVE-2024-2195

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-2195

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-2195.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-2195

Aliases

GHSA-mxvw-cj37-8g2h

Published

2024-04-10T17:15:54.067Z

Modified

2026-03-14T12:30:57.039597Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the /api/runs/search/run/ endpoint, affecting versions >= 3.0.0. The vulnerability resides in the run_search_api function of the aim/web/api/runs/views.py file, where improper restriction of user access to the RunView object allows for the execution of arbitrary code via the query parameter. This issue enables attackers to execute arbitrary commands on the server, potentially leading to full system compromise.

References

https://huntr.com/bounties/22f2355e-b875-4c01-b454-327e5951c018

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-2195.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "3.0.0"
            }
        ]
    }
]