GHSA-6w7p-xrvp-p7xv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6w7p-xrvp-p7xv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-6w7p-xrvp-p7xv/GHSA-6w7p-xrvp-p7xv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-6w7p-xrvp-p7xv
- Aliases
-
- CVE-2024-8061
- Published
- 2025-03-20T12:32:47Z
- Modified
- 2025-03-21T21:45:29.019389Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Aim allows denial of service due to no timeouts for some tracking server endpoints
- Details
-
In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while waiting. The issue arises in the client used by the
aimtracking server to communicate with external resources, specifically in the_run_read_instructionsmethod and similar calls without timeouts. - Database specific
{ "nvd_published_at": "2025-03-20T10:15:40Z", "cwe_ids": [ "CWE-400" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2025-03-21T21:24:33Z" }- References
Affected packages
PyPI / aim
Package
- Name
- aim
- View open source insights on deps.dev
- Purl
- pkg:pypi/aim
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected3.23.0
Affected versions
2.*
2.0.19
2.0.20
2.0.21
2.0.22
2.0.23
2.0.24
2.0.25
2.0.26
2.0.27
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.2.0
2.2.1
2.3.0
2.4.0
2.5.0
2.6.0
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.1.0
3.1.1
3.2.0
3.2.1
3.2.2
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.4.0
3.4.1
3.5.0
3.5.1
3.5.2
3.5.3
3.5.4
3.6.0
3.6.1
3.6.2
3.6.3
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.7.5
3.8.0
3.8.1
3.9.0a1
3.9.0a14
3.9.2
3.9.3
3.9.4
3.10.0.dev9
3.10.0
3.10.1
3.10.2
3.10.3
3.11.0.dev4
3.11.0
3.11.1.dev1
3.11.1
3.11.2
3.12.0.dev2
3.12.0
3.12.1
3.12.2
3.13.0
3.13.1
3.13.2
3.13.3
3.13.4
3.14.0
3.14.1
3.14.2
3.14.3
3.14.4
3.15.0
3.15.1
3.15.2
3.16.0
3.16.1
3.16.2
3.17.0
3.17.1
3.17.2
3.17.3
3.17.4
3.17.5rc1
3.17.5rc2
3.17.5rc3
3.17.5rc4
3.17.5
3.18.0.dev2
3.18.0.dev3
3.18.0.dev4
3.18.0.dev5
3.18.0
3.18.1
3.19.0
3.19.1
3.19.2
3.19.3
3.20.1
3.21.0
3.22.0
3.23.0