CVE-2024-8238

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-8238

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8238.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-8238

Aliases

GHSA-r229-5wgf-f28g

Published

2025-03-20T10:15:41Z

Modified

2025-10-22T07:49:46.926309Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safergetattr() function from RestrictedPython. This version does not protect against the str.formatmap() method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution. The vulnerability arises because str.formatmap() can read arbitrary attributes of Python objects, enabling attackers to access sensitive variables such as os.environ. If an attacker can write files to a known location on the Aim server, they can use str.formatmap() to load a malicious .dll/.so file into the Python interpreter, leading to unrestricted code execution.

References

https://huntr.com/bounties/4e140ef9-f6d1-4e68-a44c-3b9e856924d3

Affected packages

Git / github.com/aimhubio/aim

Affected ranges

Type: GIT
Repo: https://github.com/aimhubio/aim
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

88ac143708fad8737094b74e9e5b25689d18f1a6

Affected versions

Other

pre-launch

v0.*

v0.1.0

v0.1.1

v0.2.0

v0.2.1

v0.2.2

v0.2.3

v0.2.4

v0.2.5

v0.2.6

v0.2.7

v0.2.8

v1.*

v1.0.0

v1.0.2

v1.1.0

v1.1.1

v1.2.7rc1

v2.*

v2.1.6

v2.2.0

v2.2.1

v2.3.0

v2.4.0

v2.5.0

v2.6.0

v2.7.0

v3.*

v3.0.0

v3.0.0-beta5

v3.0.0-beta6

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.0.7

v3.1.0

v3.1.1

v3.10.0

v3.10.1

v3.10.2

v3.10.3

v3.11.0

v3.11.1

v3.11.2

v3.12.0

v3.12.1

v3.12.2

v3.13.0

v3.13.1

v3.13.2

v3.13.3

v3.13.4

v3.14.0

v3.14.1

v3.14.2

v3.14.3

v3.14.4

v3.15.0

v3.15.1

v3.15.2

v3.16.0

v3.16.1

v3.16.2

v3.17.0

v3.17.1

v3.17.2

v3.17.3

v3.17.4

v3.17.5

v3.18.1

v3.19.0

v3.19.1

v3.19.2

v3.19.3

v3.2.0

v3.2.1

v3.2.2

v3.20.1

v3.21.0

v3.22.0

v3.3.0

v3.3.1

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.4.0

v3.4.1

v3.5.0

v3.5.1

v3.5.2

v3.5.3

v3.5.4

v3.6.0

v3.6.1

v3.6.2

v3.6.3

v3.7.0

v3.7.1

v3.7.2

v3.7.3

v3.7.4

v3.7.5

v3.8.0

v3.8.1

v3.9.0

v3.9.1

v3.9.2

v3.9.3

v3.9.4