PT-2025-12215 · Aimhubio · Aim

Published: 2025-03-20 · Updated: 2025-07-23 · CVE-2024-8061

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

aimhubio/aim version 3.23.0

Description

The application contains methods that request data from external servers without defined timeouts. This can cause the server to wait indefinitely for a response, potentially leading to a denial of service, as the tracking server becomes unresponsive to other requests while awaiting a response. The issue is present in the client used by the aim tracking server to communicate with external resources, specifically within the run read instructions method and similar calls lacking timeouts.

Recommendations

aimhubio/aim version 3.23.0: Implement timeouts for all methods that request data from external servers to prevent indefinite waiting and potential denial of service. Specifically, address the run read instructions method and similar calls to ensure they include appropriate timeout mechanisms.
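
The missing-timeout pattern and the recommended bound, as an added example that is not Aim's code: the standard-library `urllib` stands in for the tracking server's client, and the local stub server and all function names are assumptions made for the demonstration.

```python
import socket
import threading
import time
import urllib.error
import urllib.request

# Direct opener (no environment proxies) so the request really goes to the local stub.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def start_stalled_server():
    """Constructed stub remote: completes the TCP handshake, never sends a response."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)  # connections queue in the backlog; nothing ever accepts or replies
    return srv, "http://127.0.0.1:%d/" % srv.getsockname()[1]

def blocks_without_timeout(url, wait):
    """Unfixed pattern: no timeout. True if the call is still blocked after `wait` seconds."""
    worker = threading.Thread(target=lambda: OPENER.open(url), daemon=True)
    worker.start()
    worker.join(wait)
    return worker.is_alive()

def fetch(url, timeout):
    """Fixed pattern: bounded wait. Returns ('ok', body) or ('timeout', seconds_waited)."""
    started = time.monotonic()
    try:
        with OPENER.open(url, timeout=timeout) as resp:
            return "ok", resp.read()
    except OSError as exc:
        # Read timeouts surface as socket.timeout; connect timeouts arrive wrapped in URLError.
        reason = getattr(exc, "reason", exc)
        if isinstance(reason, socket.timeout):
            return "timeout", time.monotonic() - started
        raise

if __name__ == "__main__":
    srv, url = start_stalled_server()  # keep `srv` referenced so the stub stays open
    print("no timeout, still blocked after 1s:", blocks_without_timeout(url, 1.0))
    print("timeout=0.5:", fetch(url, 0.5))
```

The same check works as a regression test: any outbound call that is still blocked after the configured bound fails the test.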

Exploit

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2024-8061
GHSA-6W7P-XRVP-P7XV

Affected Products

Aim