Aimstack Aim 3.19.3
cpe:2.3:a:aimstack:aim:3.19.3:*:*:*:*:*:*:*
part: a version: 3.19.3 update: *
| Vendor | Aimstack (886a7568-eb42-5ce4-86a3-4dd539834f04) |
|---|---|
| Product | Aim (a8a21397-1046-5603-af83-2b9493054697) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:github/aimhubio/aim | purl2cpe | 2026-06-01 10:11:46.072185 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2024-6578 | vulnerable | 2026-06-08 06:58:19.928697 | Stored XSS in aimhubio/aim. HIGH (7.2). A stored cross-site scripting (XSS) vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed using the `dangerouslySetInnerHTML` function in React, which is susceptible to XSS attacks. An attacker can exploit this vulnerability by injecting malicious scripts into the logs, which will be executed when a user views the logs-tab. Published: 2024-07-29T18:37:16.820Z. Updated: 2024-08-01T21:41:03.725Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-6227 | vulnerable | 2026-06-08 06:58:18.296598 | Infinite Loop in aimhubio/aim. HIGH (7.5). A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections. Published: 2024-07-08T19:06:31.579Z. Updated: 2024-08-30T15:25:02.656Z. | Imported from gcve-enriched-dumps CVE data |