Publish GHSA-36h2-g4c8-9xcm

github · Aug 7, 2024 · 42f8cd2 · 42f8cd2
1 parent 8cb897f
commit 42f8cd2
Showing 1 changed file with 35 additions and 4 deletions.
diff --git a/...A-36h2-g4c8-9xcm/GHSA-36h2-g4c8-9xcm.json → ...A-36h2-g4c8-9xcm/GHSA-36h2-g4c8-9xcm.json b/...A-36h2-g4c8-9xcm/GHSA-36h2-g4c8-9xcm.json → ...A-36h2-g4c8-9xcm/GHSA-36h2-g4c8-9xcm.json
@@ -1,26 +1,57 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-36h2-g4c8-9xcm",
-  "modified": "2024-07-08T21:31:40Z",
+  "modified": "2024-08-07T20:38:41Z",
   "published": "2024-07-08T21:31:40Z",
   "aliases": [
     "CVE-2024-6227"
   ],
+  "summary": "Aim denial of service vulnerability",
   "details": "A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause a denial of service by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
     }
   ],
   "affected": [
-
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "aim"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "3.19.3"
+            }
+          ]
+        }
+      ]
+    }
   ],
   "references": [
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6227"
     },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/aimhubio/aim"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/aimhubio/aim/blob/2e7b8aff8dcba9ddd5043dfec88cf2319ba8a87c/aim/sdk/repo.py#L195"
+    },
     {
       "type": "WEB",
       "url": "https://huntr.com/bounties/abcea7c6-bb3b-45e9-aa15-9eb6b224451a"
@@ -32,8 +63,8 @@
       "CWE-835"
     ],
     "severity": "HIGH",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2024-08-07T20:38:41Z",
     "nvd_published_at": "2024-07-08T19:15:10Z"
   }
 }