CVE-2024-12778
published 2025-03-20CVE-2024-12778: A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service (DoS) attack. The issue arises when a large number of tracked metrics are…
PriorityP341high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EPSS
0.73%
49.5th percentile
A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service (DoS) attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number of metrics that can be requested per call, combined with the server's single-threaded nature, leading to excessive resource consumption and blocking of the server.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aimhubio | aimhubio_aim | unspecified – latest | — |
| aimstack | aim | — | — |
| aimstack | aim | 0 – 3.25.0 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Aim Uncontrolled Resource Consumption vulnerability
osv·2025-03-20
CVE-2024-12778 [HIGH] Aim Uncontrolled Resource Consumption vulnerability
Aim Uncontrolled Resource Consumption vulnerability
A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service (DoS) attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number of metrics that can be requested per call, combined with the server's single-threaded nature, leading to excessive resource consumption and blocking of the server.
GHSA
Aim Uncontrolled Resource Consumption vulnerability
ghsa·2025-03-20
CVE-2024-12778 [HIGH] CWE-400 Aim Uncontrolled Resource Consumption vulnerability
Aim Uncontrolled Resource Consumption vulnerability
A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service (DoS) attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number of metrics that can be requested per call, combined with the server's single-threaded nature, leading to excessive resource consumption and blocking of the server.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-03-20
Published