{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T15:05:44.477","vulnerabilities":[{"cve":{"id":"CVE-2024-6851","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:34.247","lastModified":"2025-07-23T20:57:20.730","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted glob-pattern to lead to arbitrary file deletion."},{"lang":"es","value":"En la versión 3.22.0 de aimhubio/aim, la función LocalFileManager._cleanup del servidor de seguimiento de AIM acepta un patrón glob especificado por el usuario para eliminar archivos. Esta función no verifica que los archivos coincidentes se encuentren en el directorio administrado por LocalFileManager, lo que permite que un patrón glob manipulado con fines maliciosos provoque la eliminación arbitraria de archivos."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aimstack:aim:3.22.0:*:*:*:*:python:*:*","matchCriteriaId":"3BC21D48-2995-448A-ACF4-AB078A1A619B"}]}]}],"references":[{"url":"https://huntr.com/bounties/839703fb-23b7-4dc4-ae81-44cd4740d3f3","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]}]}}]}