Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-6v19-9ygv-7bfp
Vulnerability ID VCID-6v19-9ygv-7bfp
Aliases CVE-2024-8061
GHSA-6w7p-xrvp-p7xv
Summary In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while waiting. The issue arises in the client used by the `aim` tracking server to communicate with external resources, specifically in the `_run_read_instructions` method and similar calls without timeouts.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-400 Uncontrolled Resource Consumption
CWE-1088 Synchronous Access of Remote Resource without Timeout
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00471 https://api.first.org/data/v1/epss?cve=CVE-2024-8061
epss 0.00471 https://api.first.org/data/v1/epss?cve=CVE-2024-8061
cvssv3.1 7.5 https://github.com/aimhubio/aim
generic_textual HIGH https://github.com/aimhubio/aim
cvssv3.1 7.5 https://github.com/aimhubio/aim/blob/a6c6f2fee0f1abe37c1d66701b0329fb6af31a3d/aim/ext/transport/client.py#L258
generic_textual HIGH https://github.com/aimhubio/aim/blob/a6c6f2fee0f1abe37c1d66701b0329fb6af31a3d/aim/ext/transport/client.py#L258
cvssv3 7.5 https://huntr.com/bounties/c85d005c-b354-4c51-a88f-adda2f09622b
cvssv3.1 7.5 https://huntr.com/bounties/c85d005c-b354-4c51-a88f-adda2f09622b
generic_textual HIGH https://huntr.com/bounties/c85d005c-b354-4c51-a88f-adda2f09622b
ssvc Track https://huntr.com/bounties/c85d005c-b354-4c51-a88f-adda2f09622b
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-8061
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-8061
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-8061
https://github.com/aimhubio/aim/blob/a6c6f2fee0f1abe37c1d66701b0329fb6af31a3d/aim/ext/transport/client.py#L258
https://nvd.nist.gov/vuln/detail/CVE-2024-8061
c85d005c-b354-4c51-a88f-adda2f09622b https://huntr.com/bounties/c85d005c-b354-4c51-a88f-adda2f09622b
GHSA-6w7p-xrvp-p7xv https://github.com/advisories/GHSA-6w7p-xrvp-p7xv
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/aimhubio/aim
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/aimhubio/aim/blob/a6c6f2fee0f1abe37c1d66701b0329fb6af31a3d/aim/ext/transport/client.py#L258
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://huntr.com/bounties/c85d005c-b354-4c51-a88f-adda2f09622b
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://huntr.com/bounties/c85d005c-b354-4c51-a88f-adda2f09622b
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:52:15Z/ Found at https://huntr.com/bounties/c85d005c-b354-4c51-a88f-adda2f09622b
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-8061
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.65072
EPSS Score 0.00471
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-10T18:28:20.200134+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2024/8xxx/CVE-2024-8061.json 38.6.0