Malicious code in clearml-truen-patch (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 868fbff2db730a4a67f808b6c9bd35aa78392be592adb2d66d6be659772610f6 This package is published as clearml-truen-patch but its PKG-INFO/setup.py declare Author=ClearML, [email protected], and...
CVE-2025-8917
A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the `safe_extract` function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical fil...
PT-2025-41182
🟠 ClearML Path Traversal Vulnerability CVE-2025-45403 Moderate https://t.co/AwPuWdbUZK...
clearml-darknet-py (>=0.1.0 <=0.2.1), eml-scheduler (>=0.0.1 <=0.0.2) +10 more potentially affected by CVE-2025-8917 via clearml (>=0.17.4 <=1.8.0)
clearml PYPI version =0.17.4, =0.1.0, =0.0.1, =0.1.202405161324, =0.0.1, =0.6.0, =0.7.0, =0.0.0, =1.4.8 Source cves: CVE-2025-8917 Source advisory: OSV:GHSA-579P-QF78-FQM2...
clearml is vulnerable to Path Traversal through its `safe_extract` function
A vulnerability in clearml versions before 2.0.2 allows for path traversal due to improper handling of symbolic and hard links in the `safe_extract` function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical files...
Directory Traversal
Overview: clearml is a ClearML - Auto-Magical Experiment Manager, Version Control, and MLOps for AI. Affected versions of this package are vulnerable to Directory Traversal via the `safe_extract` function. An attacker can write arbitrary files outside the intended directory by exploiting improper...
EUVD-2025-32454
A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the `safe_extract` function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical fil...
GHSA-579P-QF78-FQM2 clearml is vulnerable to Path Traversal through its `safe_extract` function
A vulnerability in clearml versions before 2.0.2 allows for path traversal due to improper handling of symbolic and hard links in the `safe_extract` function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical files...
CVE-2025-8917
A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the `safe_extract` function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical fil...
CVE-2025-8917
A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the `safe_extract` function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical fil...
CVE-2025-8917 Path Traversal Leading to Remote Code Execution in allegroai/clearml
A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the `safe_extract` function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical fil...
CVE-2025-8917 Path Traversal Leading to Remote Code Execution in allegroai/clearml
A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the `safe_extract` function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical fil...
CVE-2025-8917
Path traversal vulnerability in allegroai/clearml v2.0.1 due to unsafe handling of symbolic and hard links in safe_extract. This can lead to arbitrary file writes outside the target directory and potentially remote code execution if critical files are overwritten. Remediation per multiple sources...
clearml security vulnerability
clearml is a large model pipeline tool for allegroai individual developers. A security vulnerability exists in clearml version v2.0.1, which stems from improper handling of symbolic links and hard links by the `safe_extract` function, which could lead to arbitrary file writes and remote code executi...
PT-2025-40805
Name of the Vulnerable Software and Affected Versions allegroai/clearml version v2.0.1 Description A flaw exists in the handling of symbolic and hard links within the safe extract function, leading to a path traversal issue. This can result in arbitrary file writes outside the intended directory...
EUVD-2024-21995
Malicious code in bioql PyPI...
EUVD-2024-21996
Malicious code in bioql PyPI...
EUVD-2024-53884
Malicious code in bioql PyPI...
EUVD-2024-21994
Malicious code in bioql PyPI...
EUVD-2024-53883
Malicious code in bioql PyPI...