Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary File Deletion in aimhubio/aim
Vulnerability Description
In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted glob-pattern to lead to arbitrary file deletion.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Aim 路径遍历漏洞
Vulnerability Description
Aim是美国Aim开源的一个易于使用和高性能的开源实验跟踪器。 Aim 3.22.0版本存在路径遍历漏洞,该漏洞源于LocalFileManager._cleanup函数未验证文件路径,可能导致任意文件删除。
CVSS Information
N/A
Vulnerability Type
N/A