Lucene search

Veracode Vulnerability DatabaseVERACODE:47958

HistoryJul 09, 2024 - 4:57 a.m.

Denial Of Service (DoS)

2024-07-0904:57:05

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of service

aimhubio/aim

vulnerability

remote tracking server

class method repo.from_path

attacker

endless connection

software

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

17.6%

JSON

aimhubio/aim is vulnerable to Denial Of Service (DoS). The vulnerability is due to the remote tracking server being configured to point at itself while using the class method Repo.from_path, which allows an attacker to cause the server to endlessly connect to itself and become unable to respond to other connections.

References

github.com/advisories/GHSA-36h2-g4c8-9xcm

github.com/aimhubio/aim/blob/2e7b8aff8dcba9ddd5043dfec88cf2319ba8a87c/aim/sdk/repo.py#L195

huntr.com/bounties/abcea7c6-bb3b-45e9-aa15-9eb6b224451a

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

17.6%

JSON

Related for VERACODE:47958