CVE-2024-24590

Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.
Configurations

Configuration 1 (hide)

cpe:2.3:a:clear:clearml:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:59

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 8.0
References () https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/ - Exploit, Technical Description, Third Party Advisory () https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/ - Exploit, Technical Description, Third Party Advisory

15 Feb 2024, 15:43

Type Values Removed Values Added
References () https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/ - () https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/ - Exploit, Technical Description, Third Party Advisory
CPE cpe:2.3:a:clear:clearml:*:*:*:*:*:*:*:*
CWE CWE-502
First Time Clear clearml
Clear
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

13 Feb 2024, 20:15

Type Values Removed Values Added
Summary Deserialization of untrusted data can occur in version 0.17.0 or newer of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with. Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.

06 Feb 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-06 15:15

Updated : 2024-11-21 08:59


NVD link : CVE-2024-24590

Mitre link : CVE-2024-24590

CVE.ORG link : CVE-2024-24590


JSON object : View

Products Affected

clear

  • clearml
CWE
CWE-502

Deserialization of Untrusted Data