VYPR
High severityNVD Advisory· Published Mar 20, 2025· Updated Mar 20, 2025

Arbitrary File Deletion in aimhubio/aim

CVE-2024-6851

Description

In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted glob-pattern to lead to arbitrary file deletion.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
aimPyPI
<= 3.22.0

Affected products

2
  • ghsa-coords
    Range: <= 3.22.0
  • aimhubio/aimhubio/aimv5
    Range: unspecified

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.