CVE-2024-6483
published 2025-03-20
Priority P4 · 32 · medium · 5.3 CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.81% (52.4th percentile)
A vulnerability in the `runs/delete-batch` endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not mitigate path traversal when handling user-specified run-names, which are used to specify log/metadata files for deletion. This can be exploited to delete arbitrary files or directories, potentially causing denial of service or data loss.
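The containment check the description says is missing, as an added example; this is not aimhubio/aim's code or its fix. The names `resolve_run_path`, `delete_batch` and `UnsafeRunName`, and the layout of one file per run directly under a runs directory, are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

class UnsafeRunName(ValueError):
    """Raised when a run name would resolve outside the runs directory."""

def resolve_run_path(runs_root: Path, run_name: str) -> Path:
    """Map a client-supplied run name to a direct child of runs_root."""
    if not run_name or "\x00" in run_name:
        raise UnsafeRunName(repr(run_name))
    root = runs_root.resolve()
    # resolve() collapses ".." and follows symlinks, so the comparison below
    # is made on the path the filesystem would actually act on.
    candidate = (root / run_name).resolve()
    # Rejects "..", absolute paths, nested paths and symlinked names.
    if candidate.parent != root or candidate.name != run_name:
        raise UnsafeRunName(repr(run_name))
    return candidate

def delete_batch(runs_root: Path, run_names: list[str]) -> dict[str, str]:
    """Validate every name first; one bad name rejects the whole batch."""
    targets = [resolve_run_path(runs_root, n) for n in run_names]
    results = {}
    for name, path in zip(run_names, targets):
        if path.is_file():
            path.unlink()
            results[name] = "deleted"
        else:
            results[name] = "missing"
    return results

def demo() -> dict:
    """Constructed scenario: a runs directory beside a file that must survive."""
    with tempfile.TemporaryDirectory() as tmp:
        runs = Path(tmp) / "runs"
        runs.mkdir()
        (runs / "run-a").write_text("metrics")
        keep = Path(tmp) / "keep.cfg"  # lives outside runs/
        keep.write_text("do not delete")
        rejected = 0
        for batch in (["run-a", "../keep.cfg"], [str(keep)], ["x/../run-a"], [".."]):
            try:
                delete_batch(runs, batch)
            except UnsafeRunName:
                rejected += 1
        ok = delete_batch(runs, ["run-a", "run-b"])
        return {"rejected": rejected, "keep_exists": keep.exists(), "ok": ok}
```

Validating the whole batch before the first `unlink` means a request that mixes valid and traversal names deletes nothing.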
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aimhubio | aimhubio_aim | unspecified – latest | — |
| aimstack | aim | — | — |
| aimstack | aim | 0 – 3.19.3 | — |
GHSA
Aim Relative Path Traversal vulnerability
ghsa·2025-03-20
CVE-2024-6483 [MEDIUM] CWE-23 Aim Relative Path Traversal vulnerability
OSV
Aim Relative Path Traversal vulnerability
osv·2025-03-20
CVE-2024-6483 [MEDIUM] Aim Relative Path Traversal vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-03-20
Published