CVE-2024-6227: Aim denial of service vulnerability

CVSS Score
7.5

Basic Information

EPSS Score
-
Published
7/8/2024
Updated
8/30/2024
KEV Status
No
Technology
Python

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package Name      Ecosystem   Vulnerable Versions   First Patched Version
aim               pip         <= 3.19.3             (none listed)

Vulnerability Intelligence
Root Cause Analysis

The vulnerability occurs when a remote tracking server is configured to point to itself. The Repo class constructor (__init__) handles 'aim://' URIs by creating a Client and a RemoteRepoProxy without checking whether the target is the local instance. This permits a circular connection in which the server connects to itself, producing a loop from which the server never returns. The code at line 195 in repo.py initiates this remote connection setup with no validation that would reject a self-referential configuration.


WAF Protection Rules

WAF Rule

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to oth
