Aimstack Aim 3.25.0 for Python
Approved changes feed: RSS · Atom
cpe:2.3:a:aimstack:aim:3.25.0:*:*:*:*:python:*:*
part: a version: 3.25.0 update: *
| Vendor | Aimstack (886a7568-eb42-5ce4-86a3-4dd539834f04) |
|---|---|
| Product | Aim (a8a21397-1046-5603-af83-2b9493054697) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | python |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/aimhubio/aim |
purl2cpe | 2026-06-01 10:11:46.092661 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-12778 |
vulnerable | 2026-06-08 06:25:36.072861 |
Denial of Service in aimhubio/aim
HIGH (7.5)
A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service (DoS) attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number of metrics that can be requested per call, combined with the server's single-threaded nature, leading to excessive resource consumption and blocking of the server.
Published: 2025-03-20T10:10:10.394Z
Updated: 2025-10-15T12:49:31.683Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-12777 |
vulnerable | 2026-06-08 06:25:36.072236 |
Denial of Service in aimhubio/aim
MEDIUM (5.9)
A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service through the misuse of the sshfs-client. The tracking server, which is single-threaded, can be made unresponsive by requesting it to connect to an unresponsive socket via sshfs. The lack of an additional timeout setting in the sshfs-client causes the server to hang for a significant amount of time, preventing it from responding to other requests.
Published: 2025-03-20T10:11:15.212Z
Updated: 2025-03-20T13:30:19.041Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.