{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-10110", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-10-17T22:41:18.993Z", "datePublished": "2025-03-20T10:09:22.842Z", "dateUpdated": "2025-03-20T18:55:48.687Z"}, "containers": {"cna": {"title": "Denial of Service in aimhubio/aim", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-03-20T10:09:22.842Z"}, "descriptions": [{"lang": "en", "value": "In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests."}], "affected": [{"vendor": "aimhubio", "product": "aimhubio/aim", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/5ea6cf56-7b4c-4dce-9b6c-3e910fbb1ae4"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-400 Uncontrolled Resource Consumption", "cweId": "CWE-400"}]}], "source": {"advisory": "5ea6cf56-7b4c-4dce-9b6c-3e910fbb1ae4", "discovery": "EXTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-20T17:53:59.040722Z", "id": "CVE-2024-10110", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T18:55:48.687Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-10110", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-20T17:53:59.040722Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T17:54:00.447Z"}}], "cna": {"title": "Denial of Service in aimhubio/aim", "source": {"advisory": "5ea6cf56-7b4c-4dce-9b6c-3e910fbb1ae4", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "aimhubio", "product": "aimhubio/aim", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/5ea6cf56-7b4c-4dce-9b6c-3e910fbb1ae4"}], "descriptions": [{"lang": "en", "value": "In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-03-20T10:09:22.842Z"}}}, "cveMetadata": {"cveId": "CVE-2024-10110", "state": "PUBLISHED", "dateUpdated": "2025-03-20T18:55:48.687Z", "dateReserved": "2024-10-17T22:41:18.993Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2025-03-20T10:09:22.842Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:aimstack:aim:3.23.0:*:*:*:*:python:*:*", "matchCriteriaId": "22E84A5D-7E10-4D1A-98EF-8A79AAAF82D4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests."}, {"lang": "es", "value": "En la versi\u00f3n 3.23.0 de aimhubio/aim, el objeto ScheduledStatusReporter puede instanciarse para ejecutarse en el hilo principal del servidor de seguimiento, lo que provoca el bloqueo indefinido de dicho hilo. Esto provoca una denegaci\u00f3n de servicio, ya que el servidor de seguimiento no puede responder a otras solicitudes."}], "id": "CVE-2024-10110", "lastModified": "2025-07-23T20:56:54.907", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2025-03-20T10:15:14.867", "references": [{"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/5ea6cf56-7b4c-4dce-9b6c-3e910fbb1ae4"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "security@huntr.dev", "type": "Primary"}]}

{}