GHSA-mxvw-cj37-8g2h
Suggest an improvement- Source
- https://github.com/advisories/GHSA-mxvw-cj37-8g2h
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-mxvw-cj37-8g2h/GHSA-mxvw-cj37-8g2h.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-mxvw-cj37-8g2h
- Aliases
-
- CVE-2024-2195
- Published
- 2024-04-10T18:30:48Z
- Modified
- 2024-10-25T19:24:33.756384Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Aim Web API vulnerable to Remote Code Execution
- Details
-
A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the
/api/runs/search/run/endpoint, affecting versions >= 3.0.0. The vulnerability resides in therun_search_apifunction of theaim/web/api/runs/views.pyfile, where improper restriction of user access to theRunViewobject allows for the execution of arbitrary code via thequeryparameter. This issue enables attackers to execute arbitrary commands on the server, potentially leading to full system compromise. - Database specific
{ "nvd_published_at": "2024-04-10T17:15:54Z", "cwe_ids": [ "CWE-94" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2024-04-10T22:19:53Z" }- References
Affected packages
PyPI / aim
Package
- Name
- aim
- View open source insights on deps.dev
- Purl
- pkg:pypi/aim
Affected versions
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.1.0
3.1.1
3.2.0
3.2.1
3.2.2
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.4.0
3.4.1
3.5.0
3.5.1
3.5.2
3.5.3
3.5.4
3.6.0
3.6.1
3.6.2
3.6.3
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.7.5
3.8.0
3.8.1
3.9.0a1
3.9.0a14
3.9.2
3.9.3
3.9.4
3.10.0.dev9
3.10.0
3.10.1
3.10.2
3.10.3
3.11.0.dev4
3.11.0
3.11.1.dev1
3.11.1
3.11.2
3.12.0.dev2
3.12.0
3.12.1
3.12.2
3.13.0
3.13.1
3.13.2
3.13.3
3.13.4
3.14.0
3.14.1
3.14.2
3.14.3
3.14.4
3.15.0
3.15.1
3.15.2
3.16.0
3.16.1
3.16.2
3.17.0
3.17.1
3.17.2
3.17.3
3.17.4
3.17.5rc1
3.17.5rc2
3.17.5rc3
3.17.5rc4
3.17.5
3.18.0.dev2
3.18.0.dev3
3.18.0.dev4
3.18.0.dev5
3.18.0
3.18.1
3.19.0
3.19.1
3.19.2
3.19.3
3.20.1
3.21.0
3.22.0
3.23.0
3.24.0
3.25.0.dev20240814
3.25.0.dev20240815
3.25.0.dev20240816
3.25.0.dev20240817
3.25.0.dev20240818
3.25.0.dev20240819
3.25.0.dev20240820
3.25.0.dev20240821
3.25.0.dev20240822
3.25.0.dev20240823
3.25.0.dev20240824
3.25.0.dev20240825
3.25.0.dev20240826
3.25.0.dev20240827
3.25.0.dev20240828
3.25.0.dev20240829
3.25.0.dev20240830
3.25.0.dev20240831
3.25.0.dev20240901
3.25.0.dev20240927
3.25.0.dev20240928
3.25.0.dev20240929
3.25.0.dev20240930
3.25.0.dev20241001
3.25.0