CVE-2024-24591

Source
https://cve.org/CVERecord?id=CVE-2024-24591
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24591.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-24591
Aliases
Published
2024-02-06T14:40:56.097Z
Modified
2026-07-08T06:18:26.185347117Z
Severity
  • 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/24xxx/CVE-2024-24591.json",
    "cna_assigner": "HiddenLayer",
    "cwe_ids": [
        "CWE-22"
    ]
}
References

Affected packages

Git / github.com/clearml/clearml

Affected ranges

Type
GIT
Repo
https://github.com/clearml/clearml
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "1.4.0"
        },
        {
            "fixed": "1.14.2"
        }
    ]
}

Affected versions

Other
untagged-38cec581542f7f989ef9
v1.*
v1.10.0
v1.10.0_fix
v1.10.1
v1.10.2
v1.10.3
v1.11.0
v1.11.1
v1.11.1rc0
v1.11.1rc1
v1.11.1rc2
v1.11.2rc0
v1.12.0
v1.12.1
v1.12.2
v1.12.2rc0
v1.13.0
v1.13.1
v1.13.2
v1.13.3rc0
v1.13.3rc1
v1.14.0
v1.14.0rc0
v1.14.1
v1.14.2rc0
v1.4.0
v1.4.1rc0
v1.4.2rc0
v1.4.2rc1
v1.5.0
v1.6
v1.6.1
v1.6.2
v1.6.3
v1.6.3rc0
v1.6.3rc1
v1.6.3rc2
v1.6.4
v1.6.5rc0
v1.6.5rc1
v1.7.0
v1.7.0rc0
v1.7.0rc1
v1.7.1
v1.7.1rc0
v1.7.1rc1
v1.7.1rc2
v1.7.2
v1.7.2rc0
v1.7.2rc1
v1.7.2rc2
v1.7.3rc0
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.8.4rc0
v1.8.4rc1
v1.8.4rc2
v1.9.0
v1.9.1
v1.9.2
v1.9.2rc0
v1.9.2rc1
v1.9.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24591.json"