EUVD-2024-0670

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Path traversal vulnerability allows remote file writing in Allegro AI's ClearML client SDK versions.

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2024-24591	6 Feb 202416:22	–	circl
CNNVD	Allegro Path Traversal Vulnerability	6 Feb 202400:00	–	cnnvd
CVE	CVE-2024-24591	6 Feb 202414:40	–	cve
Cvelist	CVE-2024-24591	6 Feb 202414:40	–	cvelist
Github Security Blog	Allegro AI ClearML path traversal vulnerability	6 Feb 202415:32	–	github
NVD	CVE-2024-24591	6 Feb 202415:15	–	nvd
OSV	GHSA-M95H-P4GG-WFW3 Allegro AI ClearML path traversal vulnerability	6 Feb 202415:32	–	osv
Prion	Path traversal	6 Feb 202415:15	–	prion
Positive Technologies	PT-2024-20473 · Allegro Ai · Clearml	6 Feb 202400:00	–	ptsecurity
Veracode	Path Traversal	7 Feb 202405:52	–	veracode

[
  {
    "enisaIdVendor": [
      {
        "id": "a448f377-a864-3316-b7fc-9bf4ff14ac10",
        "vendor": {
          "name": "Allegro.AI"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "abbd282f-649f-36a2-b947-71ebd4a74576",
        "product": {
          "name": "ClearML"
        },
        "product_version": "1.4.0 <1.14.2"
      },
      {
        "id": "d64b535d-c28c-3504-a4cc-2821c22f7bb8",
        "product": {
          "name": "ClearML"
        }
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-24591
github	www.github.com/allegroai/clearml
hiddenlayer	www.hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain
hiddenlayer	www.hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/

03 Oct 2025 20:07Current

8.6High risk

Vulners AI Score8.6

CVSS 3.18 - 8.8

EPSS0.00529

SSVC