Security Advisory

CVE-2024-6851

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-20 10:09:55

Last updated 2025-03-20 18:32:59

Assigner @huntr_ai

State PUBLISHED

Description

In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted glob-pattern to lead to arbitrary file deletion.

← Browse all CVEs View on cve.org ↗