CVE-2024-8061

Exploit

EPSS 0.11%
Veröffentlicht 20.03.2025 10:10:09
Zuletzt bearbeitet 15.10.2025 13:15:54
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while waiting. The issue arises in the client used by the `aim` tracking server to communicate with external resources, specifically in the `_run_read_instructions` method and similar calls without timeouts.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Aimstack ≫ Aim Version3.23.0 SwPlatformpython

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.296

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@huntr.dev	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1088 Synchronous Access of Remote Resource without Timeout

The code has a synchronous call to a remote resource, but there is no timeout for the call, or the timeout is set to infinite.

https://huntr.com/bounties/c85d005c-b354-4c51-a88f-adda2f09622b

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-8061

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-8061

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-8061

EUVD