CVE-2024-24594

A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI.
Configurations

Configuration 1 (hide)

cpe:2.3:a:clear:clearml:-:*:*:*:*:*:*:*

History

15 Feb 2024, 16:47

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
References () https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/ - () https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/ - Exploit, Third Party Advisory
CWE CWE-79
First Time Clear clearml
Clear
CPE cpe:2.3:a:clear:clearml:-:*:*:*:*:*:*:*

06 Feb 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-06 15:15

Updated : 2024-02-28 20:54


NVD link : CVE-2024-24594

Mitre link : CVE-2024-24594

CVE.ORG link : CVE-2024-24594


JSON object : View

Products Affected

clear

  • clearml
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')