Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary file reading vulnerability in Aim
Vulnerability Description
Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. The vulnerability issue is resolved in Aim v3.1.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Aim 路径遍历漏洞
Vulnerability Description
Aim是美国的一个易于使用和高性能的开源实验跟踪器。 Aim 3.1.0之前版本存在路径遍历漏洞,攻击者可利用该漏洞通过操纵引用具有点-点斜杠(../)序列及其变体的文件的变量,或通过使用绝对文件路径,可以访问存储在文件系统上的任意文件和目录,包括应用程序源代码或配置以及关键系统文件。
CVSS Information
N/A
Vulnerability Type
N/A