CVE-2024-8238
Published: 20 March 2025
Summary
CVE-2024-8238 is a high-severity Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) vulnerability in Aimstack Aim. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 39.9% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
This vulnerability is AI-related: it is categorised as Other Platforms, in the Other ATLAS/OWASP Terms risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Flaw remediation directly addresses CVE-2024-8238 by patching the outdated safer_getattr() function in AimQL to prevent str.format_map() exploitation.
Information input validation on AimQL queries prevents attackers from injecting malicious str.format_map() payloads to access arbitrary attributes like os.environ.
Information output filtering blocks the disclosure of server-side secrets leaked through exploited AimQL query responses.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability in AimQL enables exploitation of a public-facing Aim server (T1190), leakage of server-side secrets such as os.environ (T1212), and unrestricted Python code execution (T1059.006), potentially via malicious DLL/SO loading.
NVD Description
In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr() function from RestrictedPython. This version does not protect against the str.format_map() method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution. The vulnerability arises because str.format_map() can read arbitrary attributes of Python objects, enabling attackers to access sensitive variables such as os.environ. If an attacker can write files to a known location on the Aim server, they can use str.format_map() to load a malicious .dll/.so file into the Python interpreter, leading to unrestricted code execution.
Deeper analysis
CVE-2024-8238 is a vulnerability in version 3.22.0 of aimhubio/aim, an open-source tool likely used for machine learning experiment tracking. The issue resides in the AimQL query language, which relies on an outdated version of the safer_getattr() function from RestrictedPython. This implementation fails to protect against the str.format_map() method, enabling attackers to read arbitrary attributes of Python objects and leak server-side secrets, such as those in os.environ, or potentially achieve unrestricted code execution.
Remote, unauthenticated attackers can exploit this vulnerability over the network with no user interaction required, though it demands high attack complexity. Initial exploitation allows extraction of sensitive environment variables and other secrets. If the attacker can write files to a known location on the Aim server, they can leverage str.format_map() to load a malicious .dll or .so file into the Python interpreter, resulting in full code execution. The CVSS v3.1 base score is 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), mapped to CWE-1336 (Improper Neutralization of Special Elements Used in a Template Engine).
Details on advisories, patches, or mitigations are available in the Huntr bounty report at https://huntr.com/bounties/4e140ef9-f6d1-4e68-a44c-3b9e856924d3, published on 2025-03-20.
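The gap described above can be reproduced on a constructed object. This is an added example, not code from Aim, RestrictedPython or the Huntr report; the `Run` class, both guard functions and the `render` helper are hypothetical names. It shows that a guard checking only the attribute name still hands out `str.format_map`, whose field syntax then reads attributes without consulting the guard, and that refusing the `format*` methods on `str` closes that path.

```python
class Run:
    """Constructed stand-in for an object exposed to a query sandbox."""
    def __init__(self):
        self.name = "exp-1"
        self._token = "constructed-secret"  # underscore attrs are meant to stay hidden


def legacy_getattr(obj, name, default=None):
    """Old-style guard: only underscore-prefixed names are refused."""
    if name.startswith("_"):
        raise AttributeError(f"{name!r} is a private attribute")
    return getattr(obj, name, default)


def hardened_getattr(obj, name, default=None):
    """Same guard, plus a refusal to hand out str.format / str.format_map."""
    is_str = isinstance(obj, str) or (isinstance(obj, type) and issubclass(obj, str))
    if is_str and name in ("format", "format_map"):
        raise NotImplementedError("str.format*() is not available in the sandbox")
    return legacy_getattr(obj, name, default)


def render(guard, template, mapping):
    """Model of sandboxed `template.format_map(mapping)`: the method lookup
    goes through the guard, the field lookups inside the template do not."""
    return guard(template, "format_map")(mapping)


def demo():
    run = Run()
    results = {}
    for label, guard in (("legacy", legacy_getattr), ("hardened", hardened_getattr)):
        # Direct access to the private attribute is stopped by both guards.
        try:
            guard(run, "_token")
            results[label + "_direct"] = "leaked"
        except AttributeError:
            results[label + "_direct"] = "blocked"
        # The field "{r._token}" is resolved inside the str implementation.
        try:
            render(guard, "{r._token}", {"r": run})
            results[label + "_format"] = "leaked"
        except NotImplementedError:
            results[label + "_format"] = "blocked"
    return results


if __name__ == "__main__":
    print(demo())
```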
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Aim (aimhubio/aim) is an open-source AI/ML experiment tracking platform, fitting under 'Other Platforms' as it manages and queries ML experiments.