Remote Code Execution in aimhubio/aim
Description
A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the /api/runs/search/run/ endpoint, affecting versions >= 3.0.0. The vulnerability resides in the run_search_api function of the aim/web/api/runs/views.py file, where improper restriction of user access to the RunView object allows for the execution of arbitrary code via the query parameter. This issue enables attackers to execute arbitrary commands on the server, potentially leading to full system compromise.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
aimhubio/aim versions ≥3.0.0 have a critical RCE in the /api/runs/search/run/ endpoint via the query parameter, allowing unauthenticated attackers to execute arbitrary commands.
Vulnerability
Description
A critical Remote Code Execution (RCE) vulnerability exists in aimhubio/aim, an open-source ML experiment tracker[1]. The bug is located in the run_search_api function within /aim/web/api/runs/views.py at the /api/runs/search/run/ endpoint[2]. Improper restriction of user access to the RunView object allows for the injection and execution of arbitrary code through the query parameter[2].
Exploitation
The vulnerability can be exploited remotely without authentication, as the endpoint does not properly validate user inputs[2]. An attacker simply sends a crafted request to the vulnerable endpoint with malicious code in the query parameter[2]. No special privileges or network position beyond network access to the Aim service is required. The attack complexity is low, making it readily exploitable.
Impact
Successful exploitation allows an attacker to execute arbitrary commands on the server running the Aim service[2]. This could lead to full system compromise, including data theft, service disruption, or lateral movement within the network[2]. As Aim often handles sensitive ML experiment data and metadata, the impact on confidentiality, integrity, and availability is severe.
Mitigation
The vendor has been notified through the Huntr bug bounty platform[3]. Users should immediately check for patched versions or implement temporary workarounds such as restricting network access to the /api/runs/search/run/ endpoint until a fix is applied. Given the critical severity and public disclosure, this vulnerability is likely to be actively targeted.
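Two checks a defender can run while the fix is pending, as an added example written for this page and not code from the Aim project: an installed-version check against the affected range the advisory gives (>= 3.0.0, <= 3.25.0), and a scan of access-log lines for requests that reach the vulnerable endpoint so they can be alerted on from the reverse proxy or SIEM. The log format, client addresses and query strings in the sample lines are constructed; only the endpoint path and version range come from the advisory.

```python
"""Defender-side checks for the aimhubio/aim RCE advisory above.

Added example (not Aim project code). Version range and endpoint path are
taken from the advisory; the access-log format and sample lines below are
constructed for this example.
"""
import re
from importlib.metadata import PackageNotFoundError, version as installed_version
from typing import Dict, Iterable, List, Tuple

AFFECTED_MIN = (3, 0, 0)    # advisory: affected versions >= 3.0.0
AFFECTED_MAX = (3, 25, 0)   # advisory: affected versions <= 3.25.0
VULN_PATH = "/api/runs/search/run"   # trailing slash handled in comparison

# Combined-log-style line: ip, ident, user, [timestamp], "METHOD path proto", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '3.25.0' or 'v3.25.0rc1' into a 3-tuple of ints.

    Only the leading numeric components are used; a pre-release suffix is
    ignored, which errs toward reporting a version as affected.
    """
    m = re.match(r"^\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))
    return parts[0], parts[1], parts[2]


def is_affected(ver: str) -> bool:
    """True when the version lies inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(ver) <= AFFECTED_MAX


def flag_search_requests(lines: Iterable[str],
                         trusted_prefixes: Tuple[str, ...] = ("10.", "127.")
                         ) -> List[Dict[str, object]]:
    """Return one record per request to the vulnerable endpoint.

    Each record carries the client IP, timestamp, method, status and an
    'external' flag (True when the client is outside the trusted prefixes),
    which is the case a network-restriction workaround should be blocking.
    """
    hits: List[Dict[str, object]] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                                  # not an access-log line
        path = m.group("path").split("?", 1)[0].rstrip("/")
        if path != VULN_PATH:
            continue
        ip = m.group("ip")
        hits.append({
            "ip": ip,
            "ts": m.group("ts"),
            "method": m.group("method"),
            "status": int(m.group("status")),
            "external": not ip.startswith(trusted_prefixes),
        })
    return hits


# Constructed sample lines: two internal hits, two from documentation ranges.
SAMPLE_LOG = [
    '10.0.0.5 - - [20/May/2026:10:01:02 +0000] "GET /api/runs/search/run/?q=run.archived%3D%3DFalse HTTP/1.1" 200 5120',
    '203.0.113.7 - - [20/May/2026:10:03:14 +0000] "GET /api/runs/search/run/?q=run.archived%3D%3DFalse HTTP/1.1" 200 512',
    '203.0.113.7 - - [20/May/2026:10:03:15 +0000] "GET /api/projects/ HTTP/1.1" 200 300',
    '192.0.2.44 - - [20/May/2026:10:04:00 +0000] "POST /api/runs/search/run HTTP/1.1" 403 0',
]


if __name__ == "__main__":
    try:
        ver = installed_version("aim")
        state = "AFFECTED" if is_affected(ver) else "outside affected range"
        print(f"installed aim {ver}: {state}")
    except PackageNotFoundError:
        print("aim is not installed in this environment")
    for hit in flag_search_requests(SAMPLE_LOG):
        print(hit)
```

The version check is a range test only; the advisory lists no patched version, so a result of "outside affected range" for a newer release means the release is past the advisory's upper bound, not that it has been confirmed fixed. The log scan strips the query string before comparing paths so that the logic keys on the endpoint itself, which is what the network-access workaround in the text restricts.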
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| aim (PyPI) | >= 3.0.0, <= 3.25.0 | — |
Affected products
- aimhubio/aim (listed as aimhubio/aim v5), range: unspecified
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.