Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsThere is no fixed version for aim
.
aim is a super-easy way to record, search and compare AI experiments.
Affected versions of this package are vulnerable to External Control of File Name or Path via the restore_run_backup
function. An attacker can write arbitrary data to arbitrary locations on the host server by controlling repo.path
and run_hash
to bypass directory existence checks and extract files to unintended locations, potentially overwriting critical files.