High severityNVD Advisory· Published Mar 20, 2025· Updated Oct 15, 2025
Denial of Service in aimhubio/aim
CVE-2024-12778
Description
A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service (DoS) attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number of metrics that can be requested per call, combined with the server's single-threaded nature, leading to excessive resource consumption and blocking of the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
aimPyPI | <= 3.25.0 | — |
Affected products
2- aimhubio/aimhubio/aimv5Range: unspecified
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.