Описание
In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while waiting. The issue arises in the client used by the aim tracking server to communicate with external resources, specifically in the _run_read_instructions method and similar calls without timeouts.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:aimstack:aim:3.23.0:*:*:*:*:python:*:*
EPSS
Процентиль: 28%
0.00101
Низкий
7.5 High
CVSS3
Дефекты
CWE-1088
Связанные уязвимости
CVSS3: 7.5
github
11 месяцев назад
Aim allows denial of service due to no timeouts for some tracking server endpoints
EPSS
Процентиль: 28%
0.00101
Низкий
7.5 High
CVSS3
Дефекты
CWE-1088