CVE-2024-24591
published 2024-02-06

Priority: P3 / 49
CVSS 3.1: 8.8 (high), AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.80% (51.9th percentile)

A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| allegro.ai | clearml | >= 1.4.0 < 1.14.2 | 1.14.2 |
| clear | clearml | 1.4.0 – 1.14.1 | |
| clearml | clearml | 0.17.0 – 1.14.1 | |