CVE-2024-6396

NONE EPSS 98.9%
Published Jul 12, 2024 (1y ago) · Modified Jun 17, 2026 (1w ago)

Description

A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution.

Threat Intelligence

EPSS Exploit Probability
98.9% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-29

Affected Products 1

Vendor | Product | Version | Range
aimstack | aim | 3.19.3 | any

References 1

  • huntr.com https://huntr.com/bounties/c1b17afd-4656-47bb-8310-686a9e1b04a0
    Exploit, Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.