VYPR
Medium severity5.3NVD Advisory· Published Mar 20, 2025· Updated Jun 17, 2026

CVE-2024-6483

CVE-2024-6483

Description

A vulnerability in the runs/delete-batch endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not mitigate path traversal when handling user-specified run-names, which are used to specify log/metadata files for deletion. This can be exploited to delete arbitrary files or directories, potentially causing denial of service or data loss.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
aimPyPI
<= 3.19.3

Affected products

2
  • ghsa-coords
    Range: <= 3.19.3
  • aimhubio/aimhubio/aimv5
    Range: unspecified

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.