GHSA-35p3-6j45-prwm

Source

https://github.com/advisories/GHSA-35p3-6j45-prwm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-35p3-6j45-prwm/GHSA-35p3-6j45-prwm.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-35p3-6j45-prwm

Aliases

CVE-2024-12778

Published

2025-03-20T12:32:44Z

Modified

2025-10-15T17:15:33.512660Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Aim Uncontrolled Resource Consumption vulnerability

Details

A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service (DoS) attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number of metrics that can be requested per call, combined with the server's single-threaded nature, leading to excessive resource consumption and blocking of the server.

Database specific

{
    "nvd_published_at": "2025-03-20T10:15:30Z",
    "severity": "HIGH",
    "github_reviewed_at": "2025-03-21T18:35:15Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-400",
        "CWE-770"
    ]
}

References

Affected packages

PyPI / aim

Package

Name: aim; View open source insights on deps.dev
Purl: pkg:pypi/aim

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.25.0

Affected versions

2.*

2.0.19

2.0.20

2.0.21

2.0.22

2.0.23

2.0.24

2.0.25

2.0.26

2.0.27

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.2.0

2.2.1

2.3.0

2.4.0

2.5.0

2.6.0

2.7.0

2.7.1

2.7.2

2.7.3

2.7.4

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.1.0

3.1.1

3.2.0

3.2.1

3.2.2

3.3.0

3.3.1

3.3.2

3.3.3

3.3.4

3.3.5

3.4.0

3.4.1

3.5.0

3.5.1

3.5.2

3.5.3

3.5.4

3.6.0

3.6.1

3.6.2

3.6.3

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.7.5

3.8.0

3.8.1

3.9.0a1

3.9.0a14

3.9.2

3.9.3

3.9.4

3.10.0.dev9

3.10.0

3.10.1

3.10.2

3.10.3

3.11.0.dev4

3.11.0

3.11.1.dev1

3.11.1

3.11.2

3.12.0.dev2

3.12.0

3.12.1

3.12.2

3.13.0

3.13.1

3.13.2

3.13.3

3.13.4

3.14.0

3.14.1

3.14.2

3.14.3

3.14.4

3.15.0

3.15.1

3.15.2

3.16.0

3.16.1

3.16.2

3.17.0

3.17.1

3.17.2

3.17.3

3.17.4

3.17.5rc1

3.17.5rc2

3.17.5rc3

3.17.5rc4

3.17.5

3.18.0.dev2

3.18.0.dev3

3.18.0.dev4

3.18.0.dev5

3.18.0

3.18.1

3.19.0

3.19.1

3.19.2

3.19.3

3.20.1

3.21.0

3.22.0

3.23.0

3.24.0

3.25.0