[GHSA-mxvw-cj37-8g2h] Aim Web API vulnerable to Remote Code Execution #4938

LArkema · 2024-10-25T15:43:14Z

Updates

Affected products

Comments
Package was not patched after version 3.17.5. See aimhubio/aim@v3.17.5...v3.18.1 and https://security.snyk.io/package/pip/aim/3.25.0

JonathanLEvans · 2024-10-25T19:18:45Z

Hi @LArkema, I looked at the changes to aim/sdk/sequence_collection.py, aim/storage/query.py, and aim/web/api/runs/views.py and none of them seem to address the vulnerability so I am upping the affected range to the most recent version.

advisory-database · 2024-10-25T19:19:01Z

Hi @LArkema! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!

Improve GHSA-mxvw-cj37-8g2h

9dff472

github-actions bot changed the base branch from main to LArkema/advisory-improvement-4938 October 25, 2024 15:44

advisory-database bot merged commit 444212e into LArkema/advisory-improvement-4938 Oct 25, 2024
2 checks passed

advisory-database bot deleted the LArkema-GHSA-mxvw-cj37-8g2h branch October 25, 2024 19:19

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[GHSA-mxvw-cj37-8g2h] Aim Web API vulnerable to Remote Code Execution #4938

[GHSA-mxvw-cj37-8g2h] Aim Web API vulnerable to Remote Code Execution #4938

LArkema commented Oct 25, 2024

JonathanLEvans commented Oct 25, 2024

advisory-database bot commented Oct 25, 2024

[GHSA-mxvw-cj37-8g2h] Aim Web API vulnerable to Remote Code Execution #4938

[GHSA-mxvw-cj37-8g2h] Aim Web API vulnerable to Remote Code Execution #4938

Conversation

LArkema commented Oct 25, 2024

JonathanLEvans commented Oct 25, 2024

advisory-database bot commented Oct 25, 2024