PyPi: Aim

CVE-2024-6851

Safety vulnerability ID: 76249

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 20, 2025 Updated at Apr 02, 2025

Scan your Python projects for vulnerabilities →

Advisory

In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted glob-pattern to lead to arbitrary file deletion.

Affected package

aim

Latest version: 4.0.3

A super-easy way to record, search and compare AI experiments.

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://github.com/advisories/GHSA-mrvr-7493-pfq3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6851

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application