From 5ea204563572fa4acd71032e7541ff4d6de2cbcd Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]"
 <45398580+advisory-database[bot]@users.noreply.github.com>
Date: Thu, 5 Jun 2025 00:35:23 +0000
Subject: [PATCH] Publish GHSA-gp5h-f9c5-8355

---
 .../GHSA-gp5h-f9c5-8355.json                  | 41 +++++++++++++++----
 1 file changed, 34 insertions(+), 7 deletions(-)
 rename advisories/{unreviewed => github-reviewed}/2025/05/GHSA-gp5h-f9c5-8355/GHSA-gp5h-f9c5-8355.json (66%)

diff --git a/advisories/unreviewed/2025/05/GHSA-gp5h-f9c5-8355/GHSA-gp5h-f9c5-8355.json b/advisories/github-reviewed/2025/05/GHSA-gp5h-f9c5-8355/GHSA-gp5h-f9c5-8355.json
similarity index 66%
rename from advisories/unreviewed/2025/05/GHSA-gp5h-f9c5-8355/GHSA-gp5h-f9c5-8355.json
rename to advisories/github-reviewed/2025/05/GHSA-gp5h-f9c5-8355/GHSA-gp5h-f9c5-8355.json
index a7b8501b122..36861db7e9a 100644
--- a/advisories/unreviewed/2025/05/GHSA-gp5h-f9c5-8355/GHSA-gp5h-f9c5-8355.json
+++ b/advisories/github-reviewed/2025/05/GHSA-gp5h-f9c5-8355/GHSA-gp5h-f9c5-8355.json
@@ -1,11 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gp5h-f9c5-8355",
-  "modified": "2025-05-29T15:31:09Z",
+  "modified": "2025-06-05T00:34:03Z",
   "published": "2025-05-29T15:31:09Z",
   "aliases": [
     "CVE-2025-5321"
   ],
+  "summary": "Aim Vulnerable to Sandbox Escape Leading to Remote Code Execution",
   "details": "A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of the argument Query leads to sandbox issue. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
   "severity": [
     {
@@ -14,10 +15,30 @@
     },
     {
       "type": "CVSS_V4",
-      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "aim"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "3.29.1"
+            }
+          ]
+        }
+      ]
     }
   ],
-  "affected": [],
   "references": [
     {
       "type": "ADVISORY",
@@ -27,6 +48,10 @@
       "type": "WEB",
       "url": "https://gist.github.com/superboy-zjc/1fc4747a0ac77a1edc8c32e1d4edc54c"
     },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/aimhubio/aim"
+    },
     {
       "type": "WEB",
       "url": "https://vuldb.com/?ctiid.310492"
@@ -41,10 +66,12 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": "MODERATE",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "cwe_ids": [
+      "CWE-94"
+    ],
+    "severity": "LOW",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-06-05T00:34:03Z",
     "nvd_published_at": "2025-05-29T15:15:34Z"
   }
 }
\ No newline at end of file