Aim@3.23.0 Security Vulnerabilities and Issues — Aim@3.23.0 CVE List

Lucene search

AimstackAim3.23.0

3 matches found

CVE•added 2025/03/20 10:15 a.m.•36 views

CVE-2024-8101

A stored cross-site scripting (XSS) vulnerability exists in the Text Explorer component of aimhubio/aim version 3.23.0. The vulnerability arises due to the use of dangerouslySetInnerHTML without proper sanitization, allowing arbitrary JavaScript execution when rendering tracked texts. This can be e...

7.2CVSS6.5AI score0.00078EPSS

CVE•added 2025/03/20 10:15 a.m.•34 views

CVE-2024-8061

In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while waiting. The issue arise...

7.5CVSS7AI score0.00151EPSS

CVE•added 2025/03/20 10:15 a.m.•33 views

CVE-2024-10110

In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests.

7.5CVSS7.4AI score0.00151EPSS