PT-2024-20472 · Allegro Ai · Clearml

Published 2024-02-06 · Updated 2025-07-29 · CVE-2024-24590

CVSS v3.1 8.8 High

Vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Allegro AI’s ClearML platform versions 0.17.0 through 1.14.2

Description

Deserialization of untrusted data can occur in the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.

Recommendations

For versions 0.17.0 through 1.14.2, consider disabling the deserialization of untrusted data as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2024-24590
GHSA-CPCW-9H9M-WQW9

Affected Products

Clearml