PT-2024-20473 · Allegro Ai · Clearml

Published: 2024-02-06 · Updated: 2024-02-15 · CVE-2024-24591

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Allegro AI's ClearML platform, versions 1.4.0 through 1.14.1.

Description: A path traversal vulnerability in the client SDK of Allegro AI's ClearML platform allows a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user's system when the user interacts with that dataset through the SDK.

Recommendations: For versions 1.4.0 through 1.14.1, consider restricting access to the dataset upload feature until a patch is available. As a temporary workaround, avoid interacting with untrusted or suspicious datasets to reduce the risk of exploitation. Restrict write access to sensitive locations on the end user's system so that an arbitrary file write cannot reach them.
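A defensive check of the kind that blocks this class of bug, added here as an illustration and not taken from ClearML's SDK or its fix: each dataset entry name is resolved against the destination directory before anything is written, and any entry that would land outside that directory is rejected. The destination path and the entry names are constructed sample values.

```python
import posixpath

# Constructed list of dataset entry names, standing in for the file names
# a client SDK would write to disk; purely illustrative values.
SAMPLE_ENTRIES = [
    "data/train.csv",              # ordinary relative entry
    "data/sub/../val.csv",         # ".." that stays inside the dataset dir
    "../../.ssh/authorized_keys",  # classic traversal out of the dir
    "/etc/cron.d/job",             # absolute path dictated by the dataset
    "data/../../outside.txt",      # traversal hidden behind a valid prefix
    "",                            # empty name
]


def resolve_entry(dest_dir, entry):
    """Return the absolute path an entry may be written to, or None if the
    entry must be rejected. dest_dir must be an absolute POSIX path.
    posixpath is used for deterministic behaviour; a real SDK would also
    resolve symlinks in dest_dir before comparing."""
    if not posixpath.isabs(dest_dir):
        raise ValueError("dest_dir must be absolute")
    if not entry or "\x00" in entry:
        return None
    # A backslash is a separator on Windows, so a name like "..\\x" would
    # traverse there even though posixpath treats it as one component.
    if "\\" in entry:
        return None
    # A dataset must never choose where on the end user's system it lands.
    if posixpath.isabs(entry):
        return None
    base = posixpath.normpath(dest_dir)
    prefix = base if base.endswith("/") else base + "/"
    target = posixpath.normpath(posixpath.join(base, entry))
    # After normalisation the target must still be strictly inside base.
    if not target.startswith(prefix):
        return None
    return target


def partition_entries(dest_dir, entries):
    """Split entries into (accepted, rejected) before any file is written."""
    accepted, rejected = [], []
    for name in entries:
        (accepted if resolve_entry(dest_dir, name) else rejected).append(name)
    return accepted, rejected


if __name__ == "__main__":
    print(partition_entries("/tmp/dataset", SAMPLE_ENTRIES))
```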

Weakness Enumeration

Path traversal

Related Identifiers

CVE-2024-24591
GHSA-M95H-P4GG-WFW3

Affected Products

Clearml