CVE-2024-6227

HIGH7.5EPSS 0.27%

Aim denial of service vulnerability

Published: 7/8/2024Modified: 8/30/2024

Description

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections.

Affected packages (1)

PyPI/aimfrom 0, <= 3.19.3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-6227
PATCHhttps://github.com/aimhubio/aim
WEBhttps://github.com/aimhubio/aim/blob/2e7b8aff8dcba9ddd5043dfec88cf2319ba8a87c/aim/sdk/repo.py#L195
WEBhttps://huntr.com/bounties/abcea7c6-bb3b-45e9-aa15-9eb6b224451a