Approved changes feed: RSS · Atom

cpe:2.3:a:aimstack:aim:3.23.0:*:*:*:*:python:*:*

part: a version: 3.23.0 update: *

VendorAimstack (886a7568-eb42-5ce4-86a3-4dd539834f04)
ProductAim (a8a21397-1046-5603-af83-2b9493054697)
Edition*
Language*
Software edition*
Target softwarepython
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/aimhubio/aim purl2cpe 2026-06-01 10:11:46.089929

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-8061 vulnerable 2026-06-08 07:00:21.346785 Denial of Service in aimhubio/aim
HIGH (7.5)
In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while waiting. The issue arises in the client used by the `aim` tracking server to communicate with external resources, specifically in the `_run_read_instructions` method and similar calls without timeouts.
Published: 2025-03-20T10:10:09.524Z
Updated: 2025-10-15T12:49:55.677Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-10110 vulnerable 2026-06-08 06:22:03.587195 Denial of Service in aimhubio/aim
HIGH (7.5)
In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests.
Published: 2025-03-20T10:09:22.842Z
Updated: 2025-03-20T18:55:48.687Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.