Denial of Service Vulnerability in AimHubIO's Tracking Server
CVE-2024-8061
7.5HIGH
Summary
In version 3.23.0 of AimHubIO's Aim Tracking Server, specific methods designed for retrieving data from external servers lack timeout settings. This oversight can result in the server waiting indefinitely for a response. Consequently, during such instances, the tracking server becomes unresponsive to other requests, effectively leading to a denial of service. The vulnerability is primarily found in the _run_read_instructions method and similar functions that make calls to external resources without adequate timeout controls.
Affected Version(s)
aimhubio/aim <= unspecified
References
CVSS V3.0
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved