CVE-2021-43775

 

Published at: - 23-11-2021 10:15

Last modified: - 25-01-2023 02:58

Total changes: - 7

Description

Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with “dot-dot-slash (../)� sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. The vulnerability issue is resolved in Aim v3.1.0.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

 

Verification logic

 

Reference

• https://github.com/aimhubio/aim/issues/999
• https://github.com/aimhubio/aim/security/advisories/GHSA-8phj-f9w2-cjcc
• https://github.com/aimhubio/aim/pull/1003
• https://github.com/aimhubio/aim/blob/0b99c6ca08e0ba7e7011453a2f68033e9b1d1bce/aim/web/api/views.py#L9-L16
• https://github.com/aimhubio/aim/pull/1003/commits/f01266a1a479ef11d7d6c539e7dd89e9d5639738

 

Keywords

NVD

 

CVE-2021-43775

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures