PYSEC-2026-1089

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/aim/PYSEC-2026-1089.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1089
Aliases
Published
2026-07-07T14:34:58.124558Z
Modified
2026-07-07T17:46:18.026992970Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Aim Uncontrolled Resource Consumption vulnerability
Details

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large image, leading to a denial of service condition.

References

Affected packages

PyPI / aim

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
3.25.0

Affected versions

2.*
2.0.19
2.0.20
2.0.21
2.0.22
2.0.23
2.0.24
2.0.25
2.0.26
2.0.27
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.2.0
2.2.1
2.3.0
2.4.0
2.5.0
2.6.0
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.1.0
3.1.1
3.2.0
3.2.1
3.2.2
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.4.0
3.4.1
3.5.0
3.5.1
3.5.2
3.5.3
3.5.4
3.6.0
3.6.1
3.6.2
3.6.3
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.7.5
3.8.0
3.8.1
3.9.0a1
3.9.0a14
3.9.2
3.9.3
3.9.4
3.10.0.dev9
3.10.0
3.10.1
3.10.2
3.10.3
3.11.0.dev4
3.11.0
3.11.1.dev1
3.11.1
3.11.2
3.12.0.dev2
3.12.0
3.12.1
3.12.2
3.13.0
3.13.1
3.13.2
3.13.3
3.13.4
3.14.0
3.14.1
3.14.2
3.14.3
3.14.4
3.15.0
3.15.1
3.15.2
3.16.0
3.16.1
3.16.2
3.17.0
3.17.1
3.17.2
3.17.3
3.17.4
3.17.5rc1
3.17.5rc2
3.17.5rc3
3.17.5rc4
3.17.5
3.18.0.dev2
3.18.0.dev3
3.18.0.dev4
3.18.0.dev5
3.18.0
3.18.1
3.19.0
3.19.1
3.19.2
3.19.3
3.20.1
3.21.0
3.22.0
3.23.0
3.24.0
3.25.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/aim/PYSEC-2026-1089.yaml"