CVE-2024-10110

{"id": "CVE-2024-10110", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-20T10:15:14.867", "references": [{"url": "https://huntr.com/bounties/5ea6cf56-7b4c-4dce-9b6c-3e910fbb1ae4", "tags": ["Exploit", "Third Party Advisory"], "source": "security@huntr.dev"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests."}, {"lang": "es", "value": "En la versi\u00f3n 3.23.0 de aimhubio/aim, el objeto ScheduledStatusReporter puede instanciarse para ejecutarse en el hilo principal del servidor de seguimiento, lo que provoca el bloqueo indefinido de dicho hilo. Esto provoca una denegaci\u00f3n de servicio, ya que el servidor de seguimiento no puede responder a otras solicitudes."}], "lastModified": "2025-07-23T20:56:54.907", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aimstack:aim:3.23.0:*:*:*:*:python:*:*", "vulnerable": true, "matchCriteriaId": "22E84A5D-7E10-4D1A-98EF-8A79AAAF82D4"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}