PT-2024-37732 · Aimhubio · Aim

Published: 2024-07-29 · Updated: 2024-08-20 · CVE-2024-6578

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: aimhubio/aim version 3.19.3

Description: A stored cross-site scripting (XSS) issue exists because input is not neutralized during web page generation, specifically in the logs tab for runs. The terminal output logs are rendered with React's dangerouslySetInnerHTML prop, which inserts the log text as raw markup without escaping and is therefore susceptible to XSS. An attacker can exploit this by injecting malicious scripts into the logs, which execute when a user views the logs tab.

Recommendations: For aimhubio/aim version 3.19.3, consider disabling the use of dangerouslySetInnerHTML for the logs tab until a patch is available. Restrict access to the logs tab to minimize the risk of exploitation. Avoid displaying terminal output logs via dangerouslySetInnerHTML until the issue is resolved.
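The rendering defect described above, as an added example that is not Aim's code: the vulnerable pattern (log text trusted as markup, which is what dangerouslySetInnerHTML does) beside an escape-first renderer, in plain JavaScript with no React dependency. The ANSI colour handling is an assumption about why a log viewer would emit HTML at all; the sample log lines are constructed.

```javascript
// Added example, not Aim's code. Models the logs-tab rendering bug without React:
// the raw-insertion pattern versus escaping the log text before any markup is built.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape every character that can open a tag or break out of an attribute.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Vulnerable pattern: the log string is treated as HTML, so anything that lands in a
// run's output (the attacker-controlled input in this advisory) becomes live DOM.
function renderLogsUnsafe(lines) {
  return lines.map((line) => `<div class="log-line">${line}</div>`).join('');
}

// Hardened pattern: escape first, then add only markup the renderer itself generates.
// Assumption: logs carry ANSI SGR colour codes that the viewer wants to preserve.
const ANSI_COLORS = { 31: 'red', 32: 'green', 33: 'yellow', 34: 'blue' };

function renderLogsSafe(lines) {
  return lines
    .map((line) => {
      const escaped = escapeHtml(line); // ESC and '[' survive escaping, so codes still match
      let depth = 0;
      let html = escaped.replace(/\x1b\[(\d+)m/g, (_, code) => {
        if (ANSI_COLORS[code]) { depth += 1; return `<span class="ansi-${ANSI_COLORS[code]}">`; }
        if (code === '0' && depth > 0) { depth -= 1; return '</span>'; }
        return ''; // drop codes this viewer does not render
      });
      html += '</span>'.repeat(depth); // close any span left open by a missing reset
      return `<div class="log-line">${html}</div>`;
    })
    .join('');
}

// Constructed sample: one coloured line and one line carrying markup in the log text.
const SAMPLE_LOGS = [
  'epoch 1 \x1b[32mloss=0.41\x1b[0m',
  'warning: <script>alert("xss")</script> in config',
];
```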

Tags: Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

CVE-2024-6578
GHSA-P9F2-JG9W-CX69

Affected Products

Aim