HIGH🇵🇱 Wersja polska

CVE-2024-24590

CVSS 8.0v3.1pub. 2024-02-06upd. 2024-11-21

Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  • Clear Clearml

    APP
    Clear
    0.17.0 – 1.14.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Deserialization
CWE
References

Related vulnerabilities

CVE-2024-24592CRITICAL9.8PL ✓ten sam produkt

Brak uwierzytelnienia w komponencie fileserver platformy ClearML

CVE-2024-24593CRITICAL9.6PL ✓ten sam produkt

CSRF w ClearML API Server — podszywanie się pod użytkownika

CVE-2024-24594CRITICAL9.9PL ✓ten sam produkt

XSS w ClearML — wykonanie JavaScript przez zakładkę Debug Samples

CVE-2024-24591HIGH8.0ten sam produkt

A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform ...

CVE-2024-24595MEDIUM6.0ten sam produkt

Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulti...