CVE-2024-24590

Deserialization of Untrusted Data in pypi/clearml

Identifiers

GHSA-cpcw-9h9m-wqw9, CVE-2024-24590

Package Slug

pypi/clearml

Vulnerability

Deserialization of Untrusted Data

Description

Deserialization of untrusted data can occur in versions 0.17.0 or newer of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when the user interacts with it.

Affected Versions

All versions starting from 0.17.0 up to 1.14.1

Solution

Unfortunately, there is no solution available yet.

Last Modified

2024-02-07
