CVE-2024-24590
Published 2024-02-06
Priority P353, high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 2.45% (82.4th percentile)
Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| allegro.ai | clearml | >= 0.17.0 < 1.14.3 | 1.14.3 |
| clear | clearml | 0.17.0 – 1.14.2 | — |
| clearml | clearml | 0.17.0 – 1.14.1 | — |
GHSA
Allegro AI ClearML vulnerable to deserialization of untrusted data
ghsa·2024-02-06
CVE-2024-24590 [HIGH] CWE-502 Allegro AI ClearML vulnerable to deserialization of untrusted data
OSV
Allegro AI ClearML vulnerable to deserialization of untrusted data
osv·2024-02-06
CVE-2024-24590 [HIGH] Allegro AI ClearML vulnerable to deserialization of untrusted data
No detection rules found.
No public exploits indexed.
Published: 2024-02-06