CVE-2024-7760

Source
https://cve.org/CVERecord?id=CVE-2024-7760
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7760.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-7760
Aliases
Published
2025-03-20T10:09:04.131Z
Modified
2026-07-15T01:48:50.554263951Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N CVSS Calculator
Summary
CSRF in aimhubio/aim
Details

aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can be chained with other existing vulnerabilities such as remote code execution, denial of service, and arbitrary file read/write.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/7xxx/CVE-2024-7760.json",
    "cwe_ids": [
        "CWE-352"
    ],
    "cna_assigner": "@huntr_ai"
}
References

Affected packages

Git / github.com/aimhubio/aim

Affected ranges

Type
GIT
Repo
https://github.com/aimhubio/aim
Events
Database specific
{
    "cpe": "cpe:2.3:a:aimstack:aim:3.22.0:*:*:*:*:python:*:*",
    "source": "CPE_STRING",
    "extracted_events": [
        {
            "introduced": "3.22.0"
        },
        {
            "last_affected": "3.22.0"
        }
    ]
}

Affected versions

3.*
3.22.0
v3.*
v3.22.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7760.json"