cvedb.io
CVE-2024-6483
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2025-03-20T10:15:32.863 · Last modified 2026-06-17T08:18:06.130

Summary

A vulnerability in the `runs/delete-batch` endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not mitigate path traversal when handling user-specified run-names, which are used to specify log/metadata files for deletion. This can be exploited to delete arbitrary files or directories, potentially causing denial of service or data loss.

Affected products

aimstack — aim

Does this affect you?

Add your gear to cvedb and we'll alert you only when aimstack ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.