Fixed version: 3.25.1
CVE-2024-2195 is a critical Remote Code Execution (RCE) vulnerability in aimhubio/aim that affects versions 3.0.0 through 3.25.0 inclusive and is fixed in 3.25.1. The flaw is in the /api/runs/search/run/ endpoint: the search expression supplied in the request's query parameter is evaluated by the server with insufficient restriction, so anyone who can reach the endpoint can inject code and execute arbitrary commands on the host, potentially compromising it completely. A patch is available.
The impact is severe. An attacker who exploits the flaw executes arbitrary commands with the privileges of the process serving the Aim API; if that process runs as root, as is common in container images, the attacker gets root. From there the usual RCE consequences follow: exfiltration of tracked experiments, artifacts and any credentials on the host, malware installation, and denial of service. Because the flaw sits in the HTTP API rather than in an administrative path, it is reachable by any client that can talk to the server. Whether that client needs credentials depends entirely on the deployment: the Aim server is typically run without authentication of its own, so exposure comes down to whatever proxy or network control sits in front of it.
CVE-2024-2195 was publicly disclosed on April 10, 2024. The critical CVSS score and the simplicity of the attack (one HTTP request with a crafted query parameter) make exploitation likely. As of this writing no public exploit code is tracked here. This page also references the CISA Known Exploited Vulnerabilities (KEV) catalog; if the CVE appears in KEV, exploitation has already been observed in the wild and it should be treated as actively exploited rather than merely probable. Monitor security advisories and threat intelligence feeds for signs of exploitation campaigns.
Organizations running aimhubio/aim in production with the API reachable from untrusted networks are at significant risk, in particular servers started with the UI bound to all interfaces and no authenticating reverse proxy in front. Multi-tenant or shared environments where one Aim server tracks experiments for many teams should be treated as high-priority, since a single compromised endpoint exposes every team's data and the host itself.
Detection and triage commands (the service unit name, log paths and host are assumptions to adapt to the deployment):
• python / server: confirm the installed version
  pip show aim | grep -i version
• python / server: check whether an Aim server process is running
  ps aux | grep -E '[a]im (up|server)'
• python / server: watch the service log for hits on the search endpoint (assumes a systemd unit named aimhubio)
  journalctl -u aimhubio -f | grep "run_search_api"
• generic web: list requests to the endpoint in the proxy access log
  grep '/api/runs/search/run/' /var/log/nginx/access.log
Timeline
Disclosure:
Discovery:
Exploitation status
KEV:
EPSS: 8.38% (92nd percentile)
CISA SSVC:
CVSS vector:
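To go beyond a bare grep of the access log, the following added example (not code from the aim project or from this page) reads combined-format proxy log lines and flags requests to the search endpoint whose query-string values contain Python execution or introspection primitives. The sample log lines are constructed, the parameter name `q` used in them is an assumption, and the indicator list is a starting point rather than an exhaustive signature:

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Endpoint named in the advisory.
TARGET_PATH = "/api/runs/search/run/"

# Python introspection / execution primitives that never belong in a search
# expression: a legitimate Aim query compares run attributes and metric values.
SUSPICIOUS = re.compile(
    r"__import__|__subclasses__|__class__|__globals__|__builtins__|__mro__"
    r"|\bsubprocess\b|\bos\.(?:system|popen)\b|\b(?:eval|exec|open|compile)\s*\("
)

# Combined/common log format as written by nginx or Apache in front of Aim.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines, not real traffic. The parameter name `q` is an assumption.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Apr/2024:12:00:01 +0000] "GET /api/runs/search/run/?q=run.hparams.lr%20%3E%200.01 HTTP/1.1" 200 512
10.0.0.5 - - [10/Apr/2024:12:00:02 +0000] "GET /api/runs/search/run/?q=%28%29.__class__.__base__.__subclasses__%28%29 HTTP/1.1" 200 44
203.0.113.9 - - [10/Apr/2024:12:00:03 +0000] "GET /api/runs/search/run/?q=__import__%28%27os%27%29.system%28%27id%27%29 HTTP/1.1" 500 0
10.0.0.7 - - [10/Apr/2024:12:00:04 +0000] "GET /api/runs/?limit=50 HTTP/1.1" 200 1024
"""


def indicators_in(value):
    """Return the suspicious tokens found in one query value. The value is
    checked as decoded by parse_qsl and again after one more decode, so a
    double-percent-encoded payload is still caught."""
    seen = []
    for candidate in (value, unquote_plus(value)):
        for m in SUSPICIOUS.finditer(candidate):
            if m.group(0) not in seen:
                seen.append(m.group(0))
    return seen


def inspect_line(line):
    """Return a finding dict for a request to the search endpoint that carries
    code-like content in any query-string value, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path.rstrip("/") != TARGET_PATH.rstrip("/"):
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        hits = indicators_in(value)
        if hits:
            return {
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "status": int(m.group("status")),
                "param": name,
                "indicators": hits,
            }
    return None


def scan(log_text):
    """Scan a whole log and return the findings in file order."""
    return [f for f in (inspect_line(line) for line in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']} {f['param']}={f['indicators']}")
```

Run it over the real log with `scan(open(path).read())`. Any dunder attribute or import in a search expression deserves an alert regardless of the response code: a 200 means the server accepted the expression, and a 500 only says the request errored at some point, not that it failed before anything executed.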
The primary mitigation for CVE-2024-2195 is to upgrade aimhubio/aim to 3.25.1 or later; check the project's release notes for the current version. If an immediate upgrade is not feasible, restrict access to the /api/runs/search/run/ endpoint at the reverse proxy or WAF in front of the server, allowing only trusted networks or authenticated users to reach it. Pattern-based WAF rules that block "suspicious or overly complex" query parameters are a weaker second line: Aim search expressions are legitimately Python-style expressions, so such rules tend to break real searches while missing encoded payloads, and application-side input validation of the query parameter cannot be relied on as a fix when the parameter is evaluated as code. After upgrading, verify under change control that a harmless test payload sent to the /api/runs/search/run/ endpoint is rejected rather than executed.
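One way to implement the endpoint restriction described above at the reverse proxy, shown here as an added example rather than configuration from the aim project or from this page. The hostname, the 10.0.0.0/8 analyst network, the htpasswd path and the upstream address are assumptions; 43800 is the default port of `aim up`:

```nginx
# Added example: restrict the vulnerable endpoint at the reverse proxy until the
# upgrade lands. Hostname, networks, upstream address and file paths are assumptions.
upstream aim_backend {
    server 127.0.0.1:43800;   # default `aim up` port; adjust to your deployment
}

server {
    listen 443 ssl;
    server_name aim.example.internal;
    # ssl_certificate / ssl_certificate_key as in your existing config

    # Weak setting: the whole API, including the search endpoint, is open to
    # everyone who can reach the proxy.
    # location / { proxy_pass http://aim_backend; }

    # Corrected: the search endpoint is reachable only from the analyst network
    # and only with valid credentials; everyone else gets 403 before Aim sees
    # the request.
    location ^~ /api/runs/search/run/ {
        allow 10.0.0.0/8;      # trusted analyst network (assumption)
        deny  all;
        auth_basic           "Aim";
        auth_basic_user_file /etc/nginx/aim.htpasswd;
        proxy_pass http://aim_backend;
    }

    # The rest of the UI and API still require credentials.
    location / {
        auth_basic           "Aim";
        auth_basic_user_file /etc/nginx/aim.htpasswd;
        proxy_pass http://aim_backend;
    }
}
```

Both controls apply to the search location (nginx requires every access check to pass unless `satisfy any` is set), so a client must come from the allowed network and present valid credentials. This is a stopgap: it narrows who can reach the endpoint but does not change what the endpoint does, and the upgrade to 3.25.1 remains the fix.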
Update aimhubio/aim to the latest available version (3.25.1 or later). This resolves the remote code execution vulnerability. See the release notes for details of the update.
CVE-2024-2195 is a critical Remote Code Execution vulnerability in aimhubio/aim versions up to 3.25.0, allowing attackers to execute arbitrary code via the /api/runs/search/run/ endpoint.
You are affected if you are running aimhubio/aim versions between 3.0.0 and 3.25.0 (inclusive); 3.25.1 and later contain the fix.
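A quick way to check the affected range across many projects is to scan their pinned dependency files. The following added example (not code from the aim project or from this page) parses requirements or `pip freeze` lines for the `aim` package and applies the 3.0.0 to 3.25.0 range stated above; the sample requirements file is constructed:

```python
import re

# Affected range from the advisory: 3.0.0 <= version <= 3.25.0; fixed in 3.25.1.
AFFECTED_MIN = (3, 0, 0)
AFFECTED_MAX = (3, 25, 0)
FIXED = (3, 25, 1)

# Matches pinned lines such as `aim==3.19.3`, `aim[ui]==3.25.0` or `aim === 3.25.1`,
# but not other packages that merely start with "aim" (e.g. aimrocks).
PIN = re.compile(r"^\s*aim(?:\[[^\]]*\])?\s*===?\s*v?(\d+)\.(\d+)(?:\.(\d+))?")

# Constructed sample, not a real project's requirements file.
SAMPLE_REQUIREMENTS = """\
fastapi==0.110.0
aimrocks==0.4.0
aim[ui]==3.19.3   # experiment tracking
numpy>=1.26
"""


def pinned_aim_version(line):
    """Return the (major, minor, patch) tuple pinned for `aim` on one line,
    or None if the line pins something else or is not an exact pin."""
    m = PIN.match(line.split("#", 1)[0])
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version):
    """True when the version falls inside the advisory's affected range."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def check_requirements(text):
    """Return (version, affected) for the first exact `aim` pin in the text,
    or None when aim is absent or not pinned exactly."""
    for line in text.splitlines():
        v = pinned_aim_version(line)
        if v is not None:
            return v, is_affected(v)
    return None


if __name__ == "__main__":
    result = check_requirements(SAMPLE_REQUIREMENTS)
    if result is None:
        print("aim not pinned exactly; run `pip show aim` in the deployed environment")
    else:
        version, affected = result
        print(f"aim {'.'.join(map(str, version))}: {'AFFECTED' if affected else 'not in affected range'}")
```

A range specifier such as `aim>=3.20` resolves only at install time, so for those the installed version must be read from the environment (`pip show aim`), not from the file.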
Upgrade to a patched version of aimhubio/aim. Consult the project's release notes for the latest version. Implement WAF rules as a temporary workaround.
No public exploit code is tracked here at the time of writing, but the flaw is critical and trivial to trigger, and if it appears in the CISA KEV catalog it has already been exploited in the wild; either way, treat exploitation as likely.
Refer to the aimhubio/aim project's official release notes and security advisories on their GitHub repository.