A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the `/api/runs/search/run/` endpoint, affecting versions >= 3.0.0. The vulnerability resides in the `run_search_api` function of the `aim/web/api/runs/views.py` file, where improper restriction of user access to the `RunView` object allows for the execution of arbitrary code via the `query` parameter. This issue enables attackers to execute arbitrary commands on the server, potentially leading to full system compromise.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 29 Jul 2025 20:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Aimstack; Aimstack aim |
| CPEs | | `cpe:2.3:a:aimstack:aim:*:*:*:*:*:python:*:*` |
| Vendors & Products | | Aimstack; Aimstack aim |

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published:

Updated: 2024-08-01T19:03:39.092Z

Reserved: 2024-03-05T17:05:44.917Z

Link: CVE-2024-2195

Vulnrichment

Updated: 2024-08-01T19:03:39.092Z

NVD

Status: Analyzed

Published: 2024-04-10T17:15:54.067

Modified: 2025-07-29T20:31:13.403

Link: CVE-2024-2195

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-12T15:42:39Z