Moderate severityNVD Advisory· Published Jul 29, 2024· Updated Aug 1, 2024
Stored XSS in aimhubio/aim
CVE-2024-6578
Description
A stored cross-site scripting (XSS) vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed using the dangerouslySetInnerHTML function in React, which is susceptible to XSS attacks. An attacker can exploit this vulnerability by injecting malicious scripts into the logs, which will be executed when a user views the logs-tab.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
aimPyPI | <= 3.19.3 | — |
Affected products
2- aimhubio/aimhubio/aimv5Range: unspecified
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.