CVE-2024-6227 – aim
Package
Manager: pip
Name: aim
Vulnerable Version: >=0 <=3.19.3
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00355 (percentile 0.57067)
Details
Aim denial of service vulnerability
A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections.
Metadata
Created: 2024-07-08T21:31:40Z
Modified: 2024-08-30T19:56:11Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-36h2-g4c8-9xcm/GHSA-36h2-g4c8-9xcm.json
CWE IDs: ["CWE-835"]
Alternative ID: GHSA-36h2-g4c8-9xcm
Finding: F138
Auto approve: 1