CVE-2024-24590

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Feb 6, 2024

Updated: Feb 15, 2024

CWE ID 502

Summary

CVE-2024-24590 is a deserialization vulnerability affecting versions 0.17.0 to 1.14.2 of Allegro AI's ClearML platform client SDK. This issue allows for untrusted data to be deserialized, resulting in the execution of arbitrary code on an end user's system. Maliciously uploaded artifacts can exploit this vulnerability, posing a significant risk to users interacting with the affected SDK. It is crucial that users update to the latest version of the ClearML platform client SDK to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Clear Secure, Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uSLZAg
https://www.cve.org/CVERecord?id=CVE-2024-24590
https://nvd.nist.gov/vuln/detail/CVE-2024-24590

Back to Vulnerability Database

CVE-2024-24590

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations