{"id":"CVE-2024-2195","details":"A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the `/api/runs/search/run/` endpoint, affecting versions \u003e= 3.0.0. The vulnerability resides in the `run_search_api` function of the `aim/web/api/runs/views.py` file, where improper restriction of user access to the `RunView` object allows for the execution of arbitrary code via the `query` parameter. This issue enables attackers to execute arbitrary commands on the server, potentially leading to full system compromise.","aliases":["GHSA-mxvw-cj37-8g2h"],"modified":"2026-03-14T12:30:57.039597Z","published":"2024-04-10T17:15:54.067Z","references":[{"type":"EVIDENCE","url":"https://huntr.com/bounties/22f2355e-b875-4c01-b454-327e5951c018"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"3.0.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-2195.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}