EUVD-2024-21996

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Cross-site scripting vulnerability in Allegro AI ClearML allows remote code execution via web UI.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2024-24594	6 Feb 202416:22	–	circl
CNNVD	Allegro Cross-Site Scripting Vulnerability	6 Feb 202400:00	–	cnnvd
CVE	CVE-2024-24594	6 Feb 202414:42	–	cve
Cvelist	CVE-2024-24594	6 Feb 202414:42	–	cvelist
NVD	CVE-2024-24594	6 Feb 202415:15	–	nvd
Prion	Cross site scripting	6 Feb 202415:15	–	prion
Positive Technologies	PT-2024-20476 · Allegro Ai · Clearml	6 Feb 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-24594	5 Feb 202502:15	–	redhatcve
Vulnrichment	CVE-2024-24594	6 Feb 202414:42	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "dd7ca371-f5ef-303d-b34e-3e81daaf7725",
        "vendor": {
          "name": "Allegro.AI"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "7c95f0fb-60e3-322c-9458-09771d1189b7",
        "product": {
          "name": "ClearML"
        },
        "product_version": "0 ≤*"
      },
      {
        "id": "a628e785-5e0d-3b9b-9dfc-bebbb70d0100",
        "product": {
          "name": "ClearML"
        }
      }
    ]
  }
]

Source	Link
hiddenlayer	www.hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/

03 Oct 2025 20:07Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.15.4 - 9.9

EPSS0.00059

SSVC