Unrestricted Code Execution via Outdated safer_getattr()
A vulnerability in AimQL's use of an outdated safer_getattr() function in version 3.22.0 allows attackers to leak server-side secrets or gain unrestricted code execution. This issue was patched in a later version.
Available publicly on Oct 20 2024
Remediation Steps
- Update to the latest version of AimQL where the safer_getattr() function has been patched.
- Ensure that the server environment is configured to restrict file uploads to trusted sources only.
- Regularly audit and update dependencies to avoid using outdated and vulnerable libraries.
Patch Details
- Fixed Version: N/A
- Patch Commit: N/A