High severityNVD Advisory· Published Mar 20, 2025· Updated Mar 20, 2025
Arbitrary File Deletion in aimhubio/aim
CVE-2024-6851
Description
In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted glob-pattern to lead to arbitrary file deletion.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
aimPyPI | <= 3.22.0 | — |
Affected products
2- aimhubio/aimhubio/aimv5Range: unspecified
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.