PT-2021-23924 · Aim · Aim

Gorarakelyan +1 · Published 2021-11-23 · Updated 2023-02-24 · CVE-2021-43775

CVSS v4.0: 9.2 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Aim versions prior to 3.1.0
Description: Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions prior to 3.1.0 are vulnerable to path traversal: a file name taken from a web API request is used to locate a file on disk without being confined to the intended directory. An unauthenticated remote client (the vector is AV:N with PR:N) can therefore supply "dot-dot-slash (../)" sequences and their variations, or an absolute file path, and read arbitrary files that the Aim process itself can read, including application source code, configuration and critical system files.
Recommendations: Update Aim to version 3.1.0 or later, which fixes the issue. Until the update is applied, reduce exposure rather than rely on input hygiene: do not expose the Aim web server to untrusted networks, since no authentication is required; run the Aim process under a dedicated account whose read access is limited to the experiment repository, and keep credentials and other secrets out of files that account can read. Rejecting requests that contain ".." (including percent-encoded forms) at a reverse proxy in front of Aim narrows the attack surface but is not a substitute for the fix, because encoding variants and absolute paths may slip past such a filter; the validation has to happen server-side on the resolved path, which is what the fixed version does.
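Added example, not Aim's own code and not the fix shipped in 3.1.0: a naive file-serving handler that exhibits both attack shapes named in the description (dot-dot-slash and absolute paths), beside a containment check that resolves the requested name under the served directory and rejects anything that escapes it, including percent-encoded and backslash variants. The directory layout, file contents and payloads are constructed sample data; the function names are assumptions.

```python
# Added example (not Aim's own code and not the 3.1.0 fix): a naive
# file-serving handler showing both attack shapes from the advisory, and a
# containment check that rejects them. Directory layout, file contents and
# payloads below are constructed sample data; function names are assumptions.
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote

SECRET = b"db_password=hunter2\n"  # constructed content of a file outside the served root


def vulnerable_read(base_dir: str, requested: str) -> bytes:
    """Naive handler: glue the user-supplied name onto the base directory.

    os.path.join drops base_dir entirely when `requested` is absolute, and
    nothing collapses or rejects '..' segments, so both attack shapes work.
    """
    return Path(os.path.join(base_dir, requested)).read_bytes()


def resolve_under(base_dir: str, requested: str) -> Path:
    """Map a user-supplied name to a file inside base_dir or raise PermissionError.

    Rejects absolute paths, '../' sequences (also percent-encoded and
    backslash variants) and symlinks whose real target lies outside the root.
    """
    base = Path(base_dir).resolve()
    # Decode once so '%2e%2e/' is judged as the '../' it becomes on the server.
    # Decoding here is conservative: a payload some earlier layer already
    # decoded still ends up as '..' and is rejected.
    decoded = unquote(requested).replace("\\", "/")
    candidate = Path(decoded)
    if candidate.is_absolute():
        raise PermissionError(f"absolute path rejected: {requested!r}")
    # resolve() collapses '..' and follows symlinks, so containment is tested
    # on the real target rather than on the textual path.
    target = (base / candidate).resolve()
    if target != base and base not in target.parents:
        raise PermissionError(f"path escapes {base}: {requested!r}")
    return target


def safe_read(base_dir: str, requested: str) -> bytes:
    """Hardened handler: only files that resolve under base_dir are read."""
    return resolve_under(base_dir, requested).read_bytes()


def demo() -> dict:
    """Exercise both handlers against constructed payloads.

    Returns {label: (naive_leaked_secret, hardened_verdict)} where the verdict
    is 'allowed' or 'rejected'.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        served = root / "served"
        served.mkdir()
        (served / "run.log").write_text("loss=0.1\n")
        (root / "secret.txt").write_bytes(SECRET)

        payloads = [
            ("legit", "run.log"),
            ("dotdot", "../secret.txt"),
            ("encoded", "%2e%2e/secret.txt"),
            ("backslash", "..\\secret.txt"),
            ("absolute", str(root / "secret.txt")),
        ]
        report = {}
        for label, payload in payloads:
            try:
                leaked = vulnerable_read(str(served), payload) == SECRET
            except OSError:
                leaked = False  # the naive handler simply failed to find the file
            try:
                safe_read(str(served), payload)
                verdict = "allowed"
            except PermissionError:
                verdict = "rejected"
            report[label] = (leaked, verdict)
        return report


if __name__ == "__main__":
    for label, (leaked, verdict) in demo().items():
        print(f"{label:10s} naive leaked secret: {leaked!s:5s} hardened: {verdict}")
```

The point of `resolve_under` is that the decision is made on the resolved path, not on the request string: string filters for `..` miss encoded and separator variants, and `os.path.join` silently replaces the base directory when handed an absolute path, which is exactly the second attack shape the advisory describes.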

Tags: Exploit · Fix · Path traversal

Weakness Enumeration

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Related Identifiers

CVE-2021-43775
GHSA-8phj-f9w2-cjcc
PYSEC-2021-839

Affected Products

Aim