VYPR

PyPI package

clearml

pkg:pypi/clearml

Vulnerabilities (4)

  • CVE-2025-8917 (Med), Oct 5, 2025
    affected < 2.0.2, fixed 2.0.2

    A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the `safe_extract` function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execu

  • CVE-2024-24591, Feb 6, 2024
    affected >= 0.17.0, <= 1.14.1

    A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with.

  • CVE-2024-24590, Feb 6, 2024
    affected >= 0.17.0, <= 1.14.1

    Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.

  • CVE-2024-24595, Feb 5, 2024
    affected <= 1.14.2

    Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.