CVE-2021-43775
Last modified
CVE-2021-43775 is a high-severity vulnerability rated 8.6/10 on the CVSS scale. Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. EPSS estimates a 1.85% chance of exploitation in the next 30 days.
Description
Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. The vulnerability issue is resolved in Aim v3.1.0.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Aimstack | Aim | < 3.1.0 |
References
- https://github.com/aimhubio/aim/issues/999Issue Tracking, Third Party Advisory
- https://github.com/aimhubio/aim/pull/1003Patch, Third Party Advisory
- https://github.com/aimhubio/aim/security/advisories/GHSA-8phj-f9w2-cjccExploit, Third Party Advisory
- https://github.com/aimhubio/aim/issues/999Issue Tracking, Third Party Advisory
- https://github.com/aimhubio/aim/pull/1003Patch, Third Party Advisory
- https://github.com/aimhubio/aim/security/advisories/GHSA-8phj-f9w2-cjccExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-43775?
How severe is CVE-2021-43775?
How do I fix CVE-2021-43775?
Are you affected by CVE-2021-43775?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST