VYPR
Moderate severityNVD Advisory· Published Jul 29, 2024· Updated Aug 1, 2024

Stored XSS in aimhubio/aim

CVE-2024-6578

Description

A stored cross-site scripting (XSS) vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed using the dangerouslySetInnerHTML function in React, which is susceptible to XSS attacks. An attacker can exploit this vulnerability by injecting malicious scripts into the logs, which will be executed when a user views the logs-tab.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
aimPyPI
<= 3.19.3

Affected products

2
  • ghsa-coords
    Range: <= 3.19.3
  • aimhubio/aimhubio/aimv5
    Range: unspecified

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.