PT-2025-12220 · Aimhubio · Aim

Published

2025-03-20

·

Updated

2025-03-20

·

CVE-2024-8101

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

aimhubio/aim version 3.23.0

Description

A stored cross-site scripting (XSS) vulnerability exists in the Text Explorer component of the Aim web UI. Tracked text values are rendered with React's dangerouslySetInnerHTML without sanitization, so any HTML contained in a tracked text is inserted into the page as markup rather than displayed as text, and any script it carries (an inline event handler, for example) runs in the browser of whoever views it. An attacker who can influence what a run tracks as text, for instance by injecting HTML into the strings a training process logs, gets the payload stored alongside the run; it then executes every time a user opens that run in Text Explorer. The vector's PR:N and S:C reflect that the payload is planted by an unprivileged party and runs in other users' browsers.

Recommendations

For aimhubio/aim 3.23.0, until a patched release is deployed: change the Text Explorer component so that tracked text is rendered as a plain React text child (which React escapes) instead of through dangerouslySetInnerHTML, or, if rendering HTML is a requirement, pass the value through an allowlist-based HTML sanitizer such as DOMPurify before injection. Restrict who can reach the Aim UI (network access control or an authenticating proxy in front of the server) so that only trusted users can open Text Explorer, treat text tracked by untrusted training jobs as untrusted input, and review texts already stored in existing runs for markup, since a stored payload stays in the repository until it is removed.
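As an added illustration of the rendering difference the description and recommendations refer to (example code written for this advisory, not Aim's own source), the following models the component's render step as string output so it runs outside a browser: the unsafe path stands in for dangerouslySetInnerHTML, the safe path for React's default text escaping, and a small scanner flags tracked texts already stored in a repository that would execute if rendered as markup. The payload, run names and sample texts are constructed for the demo; the text-explorer-cell class and all function names are assumptions.

```javascript
// Added example, not Aim's code: models how the Text Explorer render step treats
// a tracked text string, and gives a scanner for texts already stored in runs.

// Constructed payload: the kind of string an attacker can get tracked as text
// from training code. It is not taken from any real run.
const ATTACKER_TEXT = 'epoch 3 loss 0.21 <img src=x onerror="alert(document.cookie)">';

// What React does for a text child, <div>{text}</div>: every HTML-significant
// character is escaped, so the browser displays the markup instead of executing it.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern (CVE-2024-8101): the string becomes markup, which is what
// <div dangerouslySetInnerHTML={{ __html: text }} /> does in the component.
function renderTrackedTextUnsafe(text) {
  return `<div class="text-explorer-cell">${text}</div>`;
}

// Hardened pattern: the string is rendered as text, equivalent to <div>{text}</div>.
function renderTrackedTextSafe(text) {
  return `<div class="text-explorer-cell">${escapeHtml(text)}</div>`;
}

// Triage heuristic for texts already stored in a repository: flags markup that
// would run if rendered via innerHTML. It is a denylist for finding stored
// payloads, not a sanitizer; rendering must still go through the safe path.
const ACTIVE_MARKUP = [
  /<\s*\/?\s*(script|iframe|object|embed|svg|math|img|video|audio|source|link|meta|base|form|input|style)\b/i,
  /\bon[a-z]+\s*=/i,               // inline event handlers: onerror=, onload=, ...
  /\b(javascript|vbscript)\s*:/i,  // scheme handlers in href/src
];
function looksLikeActiveMarkup(text) {
  return ACTIVE_MARKUP.some((re) => re.test(String(text)));
}

// Returns the run identifiers whose tracked texts contain active markup.
function findRunsWithStoredPayloads(trackedTexts) {
  return trackedTexts
    .filter((entry) => looksLikeActiveMarkup(entry.text))
    .map((entry) => entry.run);
}

// Constructed sample of tracked texts as they might be read back from a repository.
const SAMPLE_TRACKED_TEXTS = [
  { run: 'run-a1', text: 'epoch 1 loss 0.52' },
  { run: 'run-b2', text: ATTACKER_TEXT },
  { run: 'run-c3', text: 'accuracy > 0.9 && loss < 0.3 <b>done</b>' },
  { run: 'run-d4', text: '<a href="javascript:alert(1)">report</a>' },
];

console.log(renderTrackedTextUnsafe(ATTACKER_TEXT));
console.log(renderTrackedTextSafe(ATTACKER_TEXT));
console.log(findRunsWithStoredPayloads(SAMPLE_TRACKED_TEXTS)); // ['run-b2', 'run-d4']
```

In the real component the fix is to render the value as a text child in place of dangerouslySetInnerHTML; if HTML output must stay, pass the value through DOMPurify.sanitize() first. The scanner only helps locate payloads that are already stored; a denylist like this is never the protection itself, because escaping or sanitizing at render time is what closes the bug.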

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2024-8101

Affected Products

Aim