VYPR
High severity · NVD Advisory · Published Feb 6, 2024 · Updated Jun 17, 2025

CVE-2024-24590


Description

Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.


Affected packages

Versions sourced from the GitHub Security Advisory.

Package          Affected versions        Patched versions
clearml (PyPI)   >= 0.17.0, <= 1.14.1

Affected products

  • ghsa-coords
    Range: >= 0.17.0, <= 1.14.1
  • Allegro.AI/ClearMLv5
    Range: 0.17.0
