Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary File Deletion via Relative Path Traversal in aimhubio/aim
Vulnerability Description
A vulnerability in the `LockManager.release_locks` function in aimhubio/aim (commit bb76afe) allows for arbitrary file deletion through relative path traversal. The `run_hash` parameter, which is user-controllable, is concatenated without normalization as part of a path used to specify file deletion. This vulnerability is exposed through the `Repo._close_run()` method, which is accessible via the tracking server instruction API. As a result, an attacker can exploit this to delete any arbitrary file on the machine running the tracking server.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Aim 安全漏洞
Vulnerability Description
Aim是美国Aim开源的一个易于使用和高性能的开源实验跟踪器。 Aim bb76afe版本存在安全漏洞,该漏洞源于LockManager.release_locks函数未对用户可控参数进行规范化处理,可能导致任意文件删除。
CVSS Information
N/A
Vulnerability Type
N/A