CVE-2024-24591

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in pypi/clearml

Identifiers

GHSA-m95h-p4gg-wfw3, CVE-2024-24591

Package Slug

pypi/clearml

Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

A path traversal vulnerability in version 1.4.0 or newer of Allegro AI’s ClearML platform allows a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when the user interacts with that dataset.

Affected Versions

All versions starting from 0.17.0 up to 1.14.1

Solution

Unfortunately, there is no solution available yet.

Last Modified

2024-02-07
