CVE-2024-8061

Summary

In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while waiting. The issue arises in the client used by the aim tracking server to communicate with external resources, specifically in the _run_read_instructions method and similar calls without timeouts.

Affected Software

VendorProductVersion RangeStatus
aimhubioaimhubio/aimunspecified <= latestaffected

Weaknesses

  • CWE-1088: CWE-1088 Synchronous Access of Remote Resource without Timeout

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References