CVE-2024-6851

NONE EPSS 56.9%
Published Mar 20, 20251y ago · Modified Jun 17, 20262w ago
Find Similar
Published Mar 20, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted glob-pattern to lead to arbitrary file deletion.

Threat Intelligence

EPSS Exploit Probability
56.9% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-22 Path Traversal Resource Mgmt

Affected Products 1

VendorProductVersionRange
aimstackaim3.22.0any

References 1

  • huntr.com https://huntr.com/bounties/839703fb-23b7-4dc4-ae81-44cd4740d3f3
    ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.