CVE-2024-24591

Опубликовано: 06 фев. 2024

Источник: nvd

CVSS3: 8

CVSS3: 8.8

EPSS Низкий

Описание

A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with.

Ссылки

https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/
Exploit
Technical Description
Third Party Advisory
https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/
Exploit
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:clear:clearml:*:*:*:*:*:*:*:*

Версия от 1.4.0 (включая) до 1.14.1 (включая)

EPSS

Процентиль: 63%

0.00452

Низкий

8 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-m95h-p4gg-wfw3

CVSS3: 8.8

github

около 2 лет назад

Allegro AI ClearML path traversal vulnerability

EPSS

Процентиль: 63%

0.00452

Низкий

8 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-22