Denial of Service Vulnerability in AimHubIO's Tracking Server
CVE-2024-8061
7.5 HIGH
What is CVE-2024-8061?
In version 3.23.0 of AimHubIO's Aim Tracking Server, specific methods designed for retrieving data from external servers lack timeout settings. This oversight can result in the server waiting indefinitely for a response. Consequently, during such instances, the tracking server becomes unresponsive to other requests, effectively leading to a denial of service. The vulnerability is primarily found in the _run_read_instructions method and similar functions that make calls to external resources without adequate timeout controls.
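The failure mode described above, as an added example that is not Aim's code: a read with no timeout stays blocked on a stalled peer, while a read bounded per call and by an overall deadline returns control even when the peer trickles bytes. All function names are hypothetical, and the stalled peer is a local server constructed for the demonstration.

```python
import contextlib
import socket
import threading
import time

def stalled_server(drip=None):
    """Constructed local peer: silent, or sends one byte every `drip` seconds."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            conn, _ = srv.accept()
            with contextlib.suppress(OSError):  # client went away
                while drip is not None:
                    conn.sendall(b".")
                    time.sleep(drip)
                time.sleep(60)  # silent peer: hold the socket open, send nothing
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def read_unbounded(port, nbytes):
    """Vulnerable pattern: no timeout, so recv() blocks for as long as the peer stalls."""
    with socket.create_connection(("127.0.0.1", port)) as s:
        return s.recv(nbytes)

def read_bounded(port, nbytes, io_timeout=0.5, deadline=1.0):
    """Hardened: every recv() is bounded, and so is the read as a whole."""
    end, buf = time.monotonic() + deadline, b""
    with socket.create_connection(("127.0.0.1", port), timeout=io_timeout) as s:
        while len(buf) < nbytes:
            remaining = end - time.monotonic()
            if remaining <= 0:
                raise TimeoutError("overall deadline exceeded")
            s.settimeout(min(io_timeout, remaining))
            chunk = s.recv(nbytes - len(buf))
            if not chunk:  # peer closed the connection
                break
            buf += chunk
    return buf

def still_blocked(fn, *args, wait=2.0):
    """Run fn in a daemon thread; True if it has not returned after `wait` seconds."""
    def run():
        with contextlib.suppress(OSError):  # socket timeouts and TimeoutError
            fn(*args)
    t = threading.Thread(target=run, daemon=True)
    t.start()
    t.join(wait)
    return t.is_alive()
```

Calling `still_blocked(read_unbounded, stalled_server(), 64)` returns True, while `read_bounded` against the same peer gives False. A per-call timeout alone does not stop the slow-drip peer (`stalled_server(drip=0.2)`), which is why `read_bounded` also enforces the overall deadline.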
Affected Version(s)
aimhubio/aim <= unspecified