CVE-2024-12777
MEDIUMDescription
A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service through the misuse of the sshfs-client. The tracking server, which is single-threaded, can be made unresponsive by requesting it to connect to an unresponsive socket via sshfs. The lack of an additional timeout setting in the sshfs-client causes the server to hang for a significant amount of time, preventing it from responding to other requests.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| aimstack | aim |
References
Frequently Asked Questions
What is CVE-2024-12777? +
How severe is CVE-2024-12777? +
What products are affected by CVE-2024-12777? +
How do I check if I'm vulnerable to CVE-2024-12777? +
Related Vulnerabilities
In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the …
A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a …
Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled …
A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the `/api/runs/search/run/` endpoint, affecting versions …
A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host …
aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly …