GHSA-fx47-jpv9-7hxr

Source

https://github.com/advisories/GHSA-fx47-jpv9-7hxr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-fx47-jpv9-7hxr/GHSA-fx47-jpv9-7hxr.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-fx47-jpv9-7hxr

Aliases

CVE-2024-10110

Published

2025-03-20T12:32:38Z

Modified

2025-03-20T19:30:37.222765Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Aim Vulnerable to Denial of Service (DoS)

Details

In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests.

Database specific

{
    "nvd_published_at": "2025-03-20T10:15:14Z",
    "cwe_ids": [
        "CWE-400"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-20T18:57:06Z"
}

References

Affected packages

PyPI / aim

Package

Name: aim; View open source insights on deps.dev
Purl: pkg:pypi/aim

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.15.0

Last affected

3.23.0

Affected versions

3.*

3.15.0

3.15.1

3.15.2

3.16.0

3.16.1

3.16.2

3.17.0

3.17.1

3.17.2

3.17.3

3.17.4

3.17.5rc1

3.17.5rc2

3.17.5rc3

3.17.5rc4

3.17.5

3.18.0.dev2

3.18.0.dev3

3.18.0.dev4

3.18.0.dev5

3.18.0

3.18.1

3.19.0

3.19.1

3.19.2

3.19.3

3.20.1

3.21.0

3.22.0

3.23.0