CVE-2024-10110 — HIGH (7.5)

Vulnerability Description

In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Aimstack	Aim	3.23.0

Related Weaknesses (CWE)

CWE-400

References

https://huntr.com/bounties/5ea6cf56-7b4c-4dce-9b6c-3e910fbb1ae4ExploitThird Party Advisory

FAQ

What is CVE-2024-10110?

CVE-2024-10110 is a vulnerability with a CVSS score of 7.5 (HIGH). In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This ...

How severe is CVE-2024-10110?

CVE-2024-10110 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-10110?

Check the references section above for vendor advisories and patch information. Affected products include: Aimstack Aim.