Aimstack Aim

9 matches found

CVE
added 2025/03/20 10:15 a.m., 74 views

CVE-2025-0190

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these ob...

CVSS 7.5 | AI score 7.5 | EPSS 0.00144

CVE
added 2025/03/20 10:15 a.m., 68 views

CVE-2025-0189

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large imag...

CVSS 7.5 | AI score 7.5 | EPSS 0.00144

CVE
added 2025/03/20 10:15 a.m., 60 views

CVE-2024-12778

A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service (DoS) attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number o...

CVSS 7.5 | AI score 7.5 | EPSS 0.00151

CVE
added 2024/07/08 7:15 p.m., 39 views

CVE-2024-6227

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections.

CVSS 7.5 | AI score 7.4 | EPSS 0.00087

CVE
added 2024/07/29 7:15 p.m., 36 views

CVE-2024-6578

A stored cross-site scripting (XSS) vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed using the dangerouslySetInnerHTML fun...

CVSS 7.2 | AI score 6.4 | EPSS 0.00082

CVE
added 2025/03/20 10:15 a.m., 36 views

CVE-2024-8101

A stored cross-site scripting (XSS) vulnerability exists in the Text Explorer component of aimhubio/aim version 3.23.0. The vulnerability arises due to the use of dangerouslySetInnerHTML without proper sanitization, allowing arbitrary JavaScript execution when rendering tracked texts. This can be e...

CVSS 7.2 | AI score 6.5 | EPSS 0.00078

CVE
added 2025/03/20 10:15 a.m., 34 views

CVE-2024-8061

In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while waiting. The issue arise...

CVSS 7.5 | AI score 7 | EPSS 0.00151

CVE
added 2025/03/20 10:15 a.m., 33 views

CVE-2024-10110

In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests.

CVSS 7.5 | AI score 7.4 | EPSS 0.00151

CVE
added 2025/03/20 10:15 a.m., 33 views

CVE-2024-6851

In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted glo...

CVSS 7.5 | AI score 7.5 | EPSS 0.00232