5 matches found
CVE-2024-7760
aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery CSRF vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...
dsipts (>=1.1.5 <=1.1.19), llm-toys (=0.1.1) +2 more potentially affected by CVE-2024-7760 via aim (>=3.17.4 <=3.20.1)
aim PYPI version =3.17.4, =1.1.5, =0.0.20, =0.1.0, =0.5.6 Source cves: CVE-2024-7760 Source advisory: OSV:GHSA-38R9-3J52-H92V...
CVE-2024-7760
aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery CSRF vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...
CVE-2024-7760 CSRF in aimhubio/aim
aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery CSRF vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...
CVE-2024-7760
CVE-2024-7760 affects aimhubio/aim (v3.22.0) where the tracking server is vulnerable to Cross‑Site Request Forgery (CSRF) due to overly permissive CORS settings that allow cross-origin requests from all origins. This vulnerability enables CSRF on all endpoints of the tracking server and can be ch...