PT-2024-37593 · Aimhubio · Aim

Published: 2024-07-12 · Updated: 2025-07-23 · CVE-2024-6396

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

aimhubio/aim version 3.19.3

Description

The issue arises from improper handling of the run hash and repo.path parameters in the backup run function, allowing remote attackers to manipulate these parameters and create or write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution.

Recommendations

For aimhubio/aim version 3.19.3, as a temporary workaround, consider disabling the backup run function until a patch is available. Restrict access to the repo.path parameter to minimize the risk of exploitation. Avoid using the run hash parameter in the affected function until the issue is resolved.
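
A server-side check of the kind the recommendations point to, written as an added example and not taken from Aim's code: it treats the run hash and repo path as untrusted input and refuses any backup target that leaves a configured repository. The function and exception names, the lowercase-hex run hash format, the `backups` subdirectory and the `.tar.gz` suffix are all assumptions made for illustration.

```python
import re
from pathlib import Path

# Assumption: run hashes are lowercase-hex tokens; adjust to the real format.
RUN_HASH_RE = re.compile(r"[0-9a-f]{8,64}")


class UnsafeBackupPath(ValueError):
    """Raised when a request would place a backup outside an allowed repo."""


def safe_backup_path(repo_path, run_hash, allowed_repos):
    """Return the backup file path for run_hash, or raise UnsafeBackupPath.

    repo_path and run_hash are untrusted request input; allowed_repos is the
    server-side list of repository roots (hypothetical configuration).
    """
    # 1. The run hash must be a plain token: no separators, dots or NULs.
    if not isinstance(run_hash, str) or not RUN_HASH_RE.fullmatch(run_hash):
        raise UnsafeBackupPath("run hash is not a hex token")

    # 2. The repo path must resolve to a root the server already knows about,
    #    so a client cannot point the backup at an arbitrary directory.
    if not isinstance(repo_path, str):
        raise UnsafeBackupPath("repo path is not a string")
    repo = Path(repo_path).resolve()
    roots = {Path(root).resolve() for root in allowed_repos}
    if repo not in roots:
        raise UnsafeBackupPath("repo path is not a configured repository")

    # 3. Resolve symlinks and confirm the target is still inside
    #    <repo>/backups (hypothetical layout) before anything is written.
    backups = (repo / "backups").resolve()
    target = (backups / f"{run_hash}.tar.gz").resolve()
    if repo not in backups.parents or backups not in target.parents:
        raise UnsafeBackupPath("backup target escapes the repository")
    return target
```
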

Exploit

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2024-6396

Affected Products

Aim