exploitDog

CVE-2024-7760

Опубликовано: 20 мар. 2025

Источник: nvd

CVSS3: 7.4

CVSS3: 9.6

EPSS Низкий

Описание

aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can be chained with other existing vulnerabilities such as remote code execution, denial of service, and arbitrary file read/write.

Ссылки

https://huntr.com/bounties/2038df5f-4829-4040-8573-67bf9bb89229
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:aimstack:aim:3.22.0:*:*:*:*:python:*:*

EPSS

Процентиль: 21%

0.0007

Низкий

7.4 High

CVSS3

9.6 Critical

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-38r9-3j52-h92v

CVSS3: 7.4

github

11 месяцев назад

Aim vulnerable to Cross-Site Request Forgery

EPSS

Процентиль: 21%

0.0007

Низкий

7.4 High

CVSS3

9.6 Critical

CVSS3

Дефекты

CWE-352