CVE-2024-8061

In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while waiting. The issue arises in the client used by the aim tracking server to communicate with external resources, specifically in the _run_read_instructions method and similar calls without timeouts.

Published: Mar 20, 2025
Updated: Jun 30, 2025
CVE: CVE-2024-8061
GHSA: GHSA-6w7p-xrvp-p7xv
Severity: High
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
aim	-	3.23.0.x

https://github.com/aimhubio/aim/blob/a6c6f2fee0f1abe37c1d66701b0329fb6af31a3d/aim/ext/transport/client.py#L258
https://huntr.com/bounties/c85d005c-b354-4c51-a88f-adda2f09622b

Vulnerability Database

289,697

CVE-2024-8061