| tiêu đề | aim 3.29.1 Sandbox Issue |
|---|
| Mô tả | Aim is an open-source, lightweight, and performant experiment tracking tool for machine learning (ML) projects. It helps track, compare, and visualize AI model training runs and metadata.
However, a critical vulnerability was identified that allows an attacker to escape the intended Python sandbox and achieve remote code execution (RCE). By leveraging the unsanitized run_view object passed into the sandbox environment as part of the local namespace, attackers can execute arbitrary system commands through the exposed web API. |
|---|
| Nguồn | ⚠️ https://gist.github.com/superboy-zjc/1fc4747a0ac77a1edc8c32e1d4edc54c |
|---|
| Người dùng | Gavin Zhong (UID 84092) |
|---|
| Đệ trình | 18/05/2025 18:11 (cách đây 11 các tháng) |
|---|
| Kiểm duyệt | 29/05/2025 10:11 (11 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 310492 [aimhubio aim đến 3.29.1 run_view Object /aim/storage/query.py RestrictedPythonQuery truy vấn nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|