Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CSRF Vulnerability in aimhubio/aim
Vulnerability Description
aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim dashboard. An attacker can exploit this by tricking a user into executing a malicious script that sends unauthorized requests to the aim server, leading to potential data loss and unauthorized data manipulation.
CVSS Information
N/A
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Aim 跨站请求伪造漏洞
Vulnerability Description
Aim是美国的一个易于使用和高性能的开源实验跟踪器。 Aim存在跨站请求伪造漏洞。攻击者利用该漏洞在未经用户同意的情况下执行删除运行、更新数据以及窃取日志记录和注释等数据等操作。
CVSS Information
N/A
Vulnerability Type
N/A