VYPR
High severityNVD Advisory· Published Feb 6, 2024· Updated May 15, 2025

CVE-2024-24591

CVE-2024-24591

Description

A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
clearmlPyPI
>= 0.17.0, <= 1.14.1

Affected products

2
  • ghsa-coords
    Range: >= 0.17.0, <= 1.14.1
  • Allegro.AI/ClearMLv5
    Range: 1.4.0

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.