CVE-2024-6851
- Source
- https://cve.org/CVERecord?id=CVE-2024-6851
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6851.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-6851
- Aliases
- Published
- 2025-03-20T10:15:34.247Z
- Modified
- 2026-03-12T17:19:31.133442Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted glob-pattern to lead to arbitrary file deletion.
- References
Affected packages
Git / github.com/aimhubio/aim
Affected versions
Other
pre-launch
v0.*
v0.1.0
v0.1.1
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.2.8
v1.*
v1.0.0
v1.0.2
v1.1.0
v1.1.1
v1.2.7rc1
v2.*
v2.1.6
v2.2.0
v2.2.1
v2.3.0
v2.4.0
v2.5.0
v2.6.0
v2.7.0
v3.*
v3.0.0
v3.0.0-beta5
v3.0.0-beta6
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.1.0
v3.1.1
v3.10.0
v3.10.1
v3.10.2
v3.10.3
v3.11.0
v3.11.1
v3.11.2
v3.12.0
v3.12.1
v3.12.2
v3.13.0
v3.13.1
v3.13.2
v3.13.3
v3.13.4
v3.14.0
v3.14.1
v3.14.2
v3.14.3
v3.14.4
v3.15.0
v3.15.1
v3.15.2
v3.16.0
v3.16.1
v3.16.2
v3.17.0
v3.17.1
v3.17.2
v3.17.3
v3.17.4
v3.17.5
v3.18.1
v3.19.0
v3.19.1
v3.19.2
v3.19.3
v3.2.0
v3.2.1
v3.2.2
v3.20.1
v3.21.0
v3.22.0
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.4.0
v3.4.1
v3.5.0
v3.5.1
v3.5.2
v3.5.3
v3.5.4
v3.6.0
v3.6.1
v3.6.2
v3.6.3
v3.7.0
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.7.5
v3.8.0
v3.8.1
v3.9.0
v3.9.1
v3.9.2
v3.9.3
v3.9.4