CVE-2024-24591
published 2024-02-06
Priority: P349, high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.80% (51.9th percentile)
A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| allegro.ai | clearml | >= 1.4.0 < 1.14.2 | 1.14.2 |
| clear | clearml | 1.4.0 – 1.14.1 | — |
| clearml | clearml | 0.17.0 – 1.14.1 | — |
GHSA
Allegro AI ClearML path traversal vulnerability
ghsa·2024-02-06
CVE-2024-24591 [HIGH] CWE-22 Allegro AI ClearML path traversal vulnerability
OSV
Allegro AI ClearML path traversal vulnerability
osv·2024-02-06
CVE-2024-24591 [HIGH] Allegro AI ClearML path traversal vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-02-06
Published