{"id":"CVE-2024-12778","details":"A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service (DoS) attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number of metrics that can be requested per call, combined with the server's single-threaded nature, leading to excessive resource consumption and blocking of the server.","aliases":["GHSA-35p3-6j45-prwm"],"modified":"2026-04-10T05:08:29.774892Z","published":"2025-03-20T10:15:30.480Z","references":[{"type":"EVIDENCE","url":"https://huntr.com/bounties/892a9eee-0251-4e57-94a4-dad2e7f32715"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/aimhubio/aim","events":[{"introduced":"0"},{"last_affected":"d4ad66ac87606b1f377d3e685e861abb2eef6c45"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.25.0"}]}}],"versions":["pre-launch","v0.1.0","v0.1.1","v0.2.0","v0.2.1","v0.2.2","v0.2.3","v0.2.4","v0.2.5","v0.2.6","v1.0.0","v1.1.0","v1.1.1","v1.2.7rc1","v2.1.6","v2.2.0","v2.3.0","v2.4.0","v2.5.0","v2.6.0","v2.7.0","v3.0.0","v3.0.0-beta5","v3.0.0-beta6","v3.0.1","v3.0.2","v3.1.0","v3.1.1","v3.17.0","v3.17.1","v3.17.2","v3.17.3","v3.17.4","v3.17.5","v3.18.1","v3.19.0","v3.19.1","v3.2.0","v3.20.1","v3.21.0","v3.22.0","v3.23.0","v3.24.0","v3.25.0","v3.3.0","v3.3.1","v3.3.2","v3.4.0","v3.5.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12778.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}