PT-2025-5836 · Unknown · Clearml Enterprise Server

Edwin Molenaar · Published 2025-02-06 · Updated 2025-09-05 · CVE-2024-39272
CVSS v3.1: 9.0 Critical
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ClearML Enterprise Server version 3.22.5-1533
Description: A cross-site scripting (XSS) issue exists in the dataset upload functionality. A specially crafted HTTP request can inject arbitrary HTML, and therefore script, that executes in the browser of a user who later views the affected content. An attacker can send a series of HTTP requests to trigger this vulnerability. The vector reflects this: a low-privileged account (PR:L) plants the payload, a victim's interaction (UI:R) triggers it, and the impact lands in the victim's browser session rather than in the component hosting the flaw (S:C).
Recommendations: At the moment there is no information about a newer version that contains a fix for this vulnerability. Until a patch is available, disable the dataset upload functionality in ClearML Enterprise Server version 3.22.5-1533, or restrict it to trusted users, to minimize the risk of HTML injection.
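The general pattern behind this class of bug, shown as an added illustration that is not ClearML code and does not reproduce the advisory's actual request (the affected endpoint and payload are not described on this page): an uploader-controlled dataset name is interpolated into HTML, once unescaped and once escaped for the context it lands in. The sample names, the render functions and the parser-based check are all constructed for this example; the second pair of renderers goes beyond the text node case to show the attribute-context pitfall, where escaping angle brackets alone is not enough.

```python
import html
from html.parser import HTMLParser

# Constructed sample inputs (illustrative payloads, not the advisory's actual request):
# an uploader-controlled dataset name destined for a text node and for an attribute.
NAME_TEXT_CTX = 'quarterly-data<img src=x onerror="alert(document.cookie)">'
NAME_ATTR_CTX = 'quarterly-data" onmouseover="alert(document.cookie)'


def render_text_unsafe(name: str) -> str:
    """Vulnerable pattern: untrusted text concatenated into an HTML text node as-is."""
    return f'<li class="dataset">{name}</li>'


def render_text_escaped(name: str) -> str:
    """Hardened: escape <, >, & and quotes before the value enters a text node."""
    return f'<li class="dataset">{html.escape(name, quote=True)}</li>'


def render_attr_unsafe(name: str) -> str:
    """Common half-fix: angle brackets escaped, quotes left alone, inside an attribute.
    A value containing a double quote closes the attribute and can add a new one."""
    return f'<a class="dataset" title="{html.escape(name, quote=False)}" href="#">open</a>'


def render_attr_escaped(name: str) -> str:
    """Hardened: quoted attribute plus quote escaping (quote=True is html.escape's default)."""
    return f'<a class="dataset" title="{html.escape(name, quote=True)}" href="#">open</a>'


class _Inspector(HTMLParser):
    """Parse a rendered fragment the way a browser tokenizer would and record what it sees."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.event_handlers: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        # Any on* attribute is a script execution point, whatever the tag.
        self.event_handlers.extend(name for name, _ in attrs if name.startswith("on"))


def inspect(fragment: str) -> tuple[list[str], list[str]]:
    """Return (start tags seen, event-handler attribute names seen) for a rendered fragment."""
    parser = _Inspector()
    parser.feed(fragment)
    parser.close()
    return parser.tags, parser.event_handlers


def is_xss_free(fragment: str, expected_tags: list[str]) -> bool:
    """True when the fragment contains exactly the tags the template intended and no
    inline event handlers; a smuggled <img> or an injected on* attribute fails it."""
    tags, handlers = inspect(fragment)
    return tags == expected_tags and not handlers


if __name__ == "__main__":
    cases = [
        ("text/unsafe", render_text_unsafe(NAME_TEXT_CTX), ["li"]),
        ("text/escaped", render_text_escaped(NAME_TEXT_CTX), ["li"]),
        ("attr/unsafe", render_attr_unsafe(NAME_ATTR_CTX), ["a"]),
        ("attr/escaped", render_attr_escaped(NAME_ATTR_CTX), ["a"]),
    ]
    for label, fragment, expected in cases:
        print(f"{label:13} xss_free={is_xss_free(fragment, expected)}  {fragment}")
```

The check parses the output rather than grepping for `<script`, because the payloads that matter in practice (an `<img onerror>`, an attribute break-out) contain no script tag at all; the same inspector can be pointed at any HTML fragment a review wants to vet.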

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-39272

Affected Products: Clearml Enterprise Server