CVE-2024-6851
NONE EPSS 56.9%
Published Mar 20, 2025 · Last Modified Jun 17, 2026
Description
In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted glob-pattern to lead to arbitrary file deletion.
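The containment check the description says is missing, shown as an added example; this is not aim's code and not taken from the advisory. The function names, the `managed/` layout and the sample pattern are hypothetical and constructed for the demonstration.

```python
import glob
import os
import tempfile
from pathlib import Path

# Illustrative only: hypothetical helpers, not the LocalFileManager implementation.

def unsafe_matches(base_dir, pattern):
    """Join the pattern to the base and expand it with no containment check."""
    return sorted(glob.glob(os.path.join(base_dir, pattern)))


def safe_matches(base_dir, pattern):
    """Expand the pattern, then keep only regular files that resolve inside base_dir."""
    base = Path(base_dir).resolve()
    kept = []
    for hit in glob.glob(os.path.join(str(base), pattern)):
        real = Path(hit).resolve()  # collapses ".." and follows symlinks
        # Absolute patterns also end up here, since os.path.join discards the base.
        if real.is_file() and base in real.parents:
            kept.append(str(real))
    return sorted(kept)


def cleanup(base_dir, pattern):
    """Delete only the contained matches and return what was removed."""
    removed = safe_matches(base_dir, pattern)
    for path in removed:
        os.remove(path)
    return removed


def demo():
    """Constructed layout: managed/ holds temp files, outside.txt sits beside it."""
    root = Path(tempfile.mkdtemp()).resolve()
    managed = root / "managed"
    managed.mkdir()
    (managed / "a.tmp").write_text("x")
    (managed / "b.tmp").write_text("x")
    outside = root / "outside.txt"
    outside.write_text("keep me")
    escaping = "../*.txt"  # constructed pattern that climbs out of managed/
    unsafe = unsafe_matches(str(managed), escaping)
    safe = safe_matches(str(managed), escaping)
    removed = cleanup(str(managed), "*.tmp")
    return {"unsafe": unsafe, "safe": safe, "removed": removed,
            "outside_exists": outside.exists()}
```

Resolving each match before comparing it to the base is what rejects both `..` segments and symlinks that point outside the managed directory; a string-prefix check on the unresolved path would not.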
Threat Intelligence
EPSS Exploit Probability
56.9% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-22 Path Traversal Resource Mgmt
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| aimstack | aim | 3.22.0 | any |
References 1
- huntr.com https://huntr.com/bounties/839703fb-23b7-4dc4-ae81-44cd4740d3f3
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.