exploitDog

CVE-2024-24594

Опубликовано: 06 фев. 2024

Источник: nvd

CVSS3: 9.9

CVSS3: 5.4

EPSS Низкий

Описание

A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI.

Ссылки

https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/
Exploit
Third Party Advisory
https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:clear:clearml:-:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.00059

Низкий

9.9 Critical

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-f7f8-8qv6-p289

CVSS3: 9.9

github

около 2 лет назад

A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI.

EPSS

Процентиль: 19%

0.00059

Низкий

9.9 Critical

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79