Home > Vulnerability Database > CVE-2024-6396

Mend.io Vulnerability Database

CVE-2024-6396

Date: July 11, 2024

A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution.

Language: Python

Severity Score

9.8

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-6396

Url: https://huntr.com/bounties/c1b17afd-4656-47bb-8310-686a9e1b04a0

Url: https://www.mend.io/vulnerability-database/CVE-2024-6396

Severity Score

9.8

Weakness Type (CWE)

Path Traversal: '..filename'

CWE-29

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-6396

Date: July 11, 2024

Language: Python

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?