GHSA-cpcw-9h9m-wqw9, CVE-2024-24590
pypi/clearml
Deserialization of Untrusted Data
Deserialization of untrusted data can occur in version 0.17.0 or newer of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when the user interacts with it.
All versions starting from 0.17.0 up to 1.14.1
Unfortunately, there is no solution available yet.
2024-02-07