Enviar #580253: aim 3.29.1 Sandbox Issueinformación

Títuloaim 3.29.1 Sandbox Issue
DescripciónAim is an open-source, lightweight, and performant experiment tracking tool for machine learning (ML) projects. It helps track, compare, and visualize AI model training runs and metadata. However, a critical vulnerability was identified that allows an attacker to escape the intended Python sandbox and achieve remote code execution (RCE). By leveraging the unsanitized run_view object passed into the sandbox environment as part of the local namespace, attackers can execute arbitrary system commands through the exposed web API.
Fuente⚠️ https://gist.github.com/superboy-zjc/1fc4747a0ac77a1edc8c32e1d4edc54c
Usuario
 Gavin Zhong (UID 84092)
Sumisión2025-05-18 18:11 (hace 11 meses)
Moderación2025-05-29 10:11 (11 days later)
EstadoAceptado
Entrada de VulDB310492 [aimhubio aim hasta 3.29.1 run_view Object /aim/storage/query.py RestrictedPythonQuery Consulta escalada de privilegios]
Puntos20

AnteriorVisión De ConjuntoPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!