cvebase

Aimstack Aim vulnerabilities

23 known vulnerabilities affecting aimstack/aim.

Total CVEs: 23
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 6, HIGH 12, MEDIUM 5

Vulnerabilities

Page 2 of 2
CVE-2024-12777 | P4 | MEDIUM | CVSS 5.9 | v3.25.0 | 2025-03-20
CVE-2024-12777 [MEDIUM] CWE-1088: A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service through the misuse of the sshfs-client. The tracking server, which is single-threaded, can be made unresponsive by requesting it to connect to an unresponsive socket via sshfs. The lack of an additional timeout setting in the sshfs-client causes the server to hang for a si
ghsa, nvd, osv
CVE-2024-8101 | P4 | MEDIUM | CVSS 6.1 | v3.23.0 | 2025-03-20
CVE-2024-8101 [MEDIUM] CWE-79: A stored cross-site scripting (XSS) vulnerability exists in the Text Explorer component of aimhubio/aim version 3.23.0. The vulnerability arises due to the use of `dangerouslySetInnerHTML` without proper sanitization, allowing arbitrary JavaScript execution when rendering tracked texts. This can be exploited by injecting malicious HTML content during t
nvd
CVE-2024-6578 | P4 | MEDIUM | CVSS 5.4 | v3.19.3 | 2024-07-29
CVE-2024-6578 [MEDIUM] CWE-79: A stored cross-site scripting (XSS) vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed using the `dangerouslySetInnerHTML` function in React, which is susceptible to XSS attacks.
ghsa, nvd, osv