Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote Code Execution in aimhubio/aim
Vulnerability Description
A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the `/api/runs/search/run/` endpoint, affecting versions >= 3.0.0. The vulnerability resides in the `run_search_api` function of the `aim/web/api/runs/views.py` file, where improper restriction of user access to the `RunView` object allows for the execution of arbitrary code via the `query` parameter. This issue enables attackers to execute arbitrary commands on the server, potentially leading to full system compromise.
CVSS Information
N/A
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Aim 代码注入漏洞
Vulnerability Description
Aim是美国的一个易于使用和高性能的开源实验跟踪器。 Aim 3.0.0版本及之后版本存在代码注入漏洞。攻击者利用该漏洞能够在服务器上执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A