CVE-2024-6227: Aim denial of service vulnerability

July 8, 2024 (updated August 30, 2024)

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections.

References

github.com/advisories/GHSA-36h2-g4c8-9xcm
github.com/aimhubio/aim
github.com/aimhubio/aim/blob/2e7b8aff8dcba9ddd5043dfec88cf2319ba8a87c/aim/sdk/repo.py
huntr.com/bounties/abcea7c6-bb3b-45e9-aa15-9eb6b224451a
nvd.nist.gov/vuln/detail/CVE-2024-6227

Detect and mitigate CVE-2024-6227 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →