Home > Vulnerability Database > CVE-2021-43775

Mend.io Vulnerability Database

CVE-2021-43775

Good to know:

Date: November 23, 2021

Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with â€œdot-dot-slash (../)â€? sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. The vulnerability issue is resolved in Aim v3.1.0.

Language: Python

Severity Score

4.3

Related Resources (7)

Url: https://github.com/aimhubio/aim/issues/999

Url: https://github.com/aimhubio/aim/security/advisories/GHSA-8phj-f9w2-cjcc

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-43775

Url: https://github.com/aimhubio/aim/blob/0b99c6ca08e0ba7e7011453a2f68033e9b1d1bce/aim/web/api/views.py#L9-L16

Url: https://github.com/aimhubio/aim/pull/1003/commits/f01266a1a479ef11d7d6c539e7dd89e9d5639738

Url: https://github.com/aimhubio/aim/pull/1003

Url: https://www.mend.io/vulnerability-database/CVE-2021-43775

Severity Score

4.3

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version aim - 3.1.0

Learn More

CVSS v3

Base Score:	4.3
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE

CVSS v2

Base Score:	9.0
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-43775

Good to know:

Date: November 23, 2021

Language: Python

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?