Lucene search
K

114 matches found

NVD
NVD
added 2026/07/01 1:17 p.m.6 views

CVE-2026-8387

A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...

2.4CVSS0.00357EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 12:26 p.m.8 views

CVE-2026-8387

A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...

2.4CVSS6.5AI score0.00357EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 12:26 p.m.20 views

CVE-2026-8387

CVE-2026-8387 : A vulnerability in allegroai/clearml up to version 1.16.5 permits relative path traversal when extracting ZIP archives via ZipFile.extractall() in StorageManager._extract_to_cache(). The missing path validation allows an attacker to write arbitrary files to the filesystem, with at...

2.4CVSS6.5AI score0.00357EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 12:26 p.m.7 views

EUVD-2026-40957

A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...

2.4CVSS6.5AI score0.00357EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 8:10 p.m.11 views

Malicious code in clearml-truen-patch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 868fbff2db730a4a67f808b6c9bd35aa78392be592adb2d66d6be659772610f6 This package is published as clearml-truen-patch but its PKG-INFO/setup.py declare Author=ClearML, [email protected], and...

5.9AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/07 11:13 p.m.4 views

CVE-2025-8917

A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the safeextract function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical fil...

5.8CVSS8.2AI score0.00276EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/07 12:0 a.m.5 views

PT-2025-41182

🟠 ClearML Path Traversal Vulnerability CVE-2025-45403 Moderate https://t.co/AwPuWdbUZK...

6.8AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/10/05 12:30 p.m.8 views

clearml is vulnerable to Path Traversal through its `safe_extract` function

A vulnerability in clearml versions before 2.0.2 allows for path traversal due to improper handling of symbolic and hard links in the safeextract function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical files...

5.8CVSS8.3AI score0.00276EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2025/10/05 12:30 p.m.3 views

Directory Traversal

Overview clearml is a ClearML - Auto-Magical Experiment Manager, Version Control, and MLOps for AI Affected versions of this package are vulnerable to Directory Traversal via the safeextract function. An attacker can write arbitrary files outside the intended directory by exploiting improper...

6.8CVSS7.7AI score0.00276EPSS
Exploits0References2
OSV
OSV
added 2025/10/05 12:30 p.m.5 views

GHSA-579P-QF78-FQM2 clearml is vulnerable to Path Traversal through its `safe_extract` function

A vulnerability in clearml versions before 2.0.2 allows for path traversal due to improper handling of symbolic and hard links in the safeextract function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical files...

5.8CVSS6.7AI score0.00276EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2025/10/05 12:30 p.m.6 views

clearml-darknet-py (>=0.1.0 <=0.2.1), eml-scheduler (>=0.0.1 <=0.0.2) +10 more potentially affected by CVE-2025-8917 via clearml (>=0.17.4 <=1.8.0)

clearml PYPI version =0.17.4, =0.1.0, =0.0.1, =0.1.202405161324, =0.0.1, =0.6.0, =0.7.0, =0.0.0, =1.4.8 Source cves: CVE-2025-8917 Source advisory: OSV:GHSA-579P-QF78-FQM2...

5.8CVSS6.2AI score0.00276EPSS
Exploits0
EUVD
EUVD
added 2025/10/05 12:30 p.m.6 views

EUVD-2025-32454

A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the safeextract function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical fil...

5.8CVSS6.8AI score0.00276EPSS
Exploits0References3
NVD
NVD
added 2025/10/05 11:16 a.m.6 views

CVE-2025-8917

A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the safeextract function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical fil...

5.8CVSS0.00276EPSS
Exploits0References2
OSV
OSV
added 2025/10/05 10:21 a.m.4 views

CVE-2025-8917 Path Traversal Leading to Remote Code Execution in allegroai/clearml

A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the safeextract function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical fil...

5.8CVSS7AI score0.00276EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/05 10:21 a.m.2 views

CVE-2025-8917 Path Traversal Leading to Remote Code Execution in allegroai/clearml

A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the safeextract function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical fil...

5.8CVSS7.9AI score0.00276EPSS
Exploits0References2
CVE
CVE
added 2025/10/05 10:21 a.m.14 views

CVE-2025-8917

Path traversal vulnerability in allegroai/clearml v2.0.1 due to unsafe handling of symbolic and hard links in safe_extract. This can lead to arbitrary file writes outside the target directory and potentially remote code execution if critical files are overwritten. Remediation per multiple sources...

5.8CVSS6.8AI score0.00276EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/05 10:21 a.m.10 views

CVE-2025-8917 Path Traversal Leading to Remote Code Execution in allegroai/clearml

A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the safeextract function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical fil...

5.8CVSS0.00276EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/05 12:0 a.m.6 views

clearml 安全漏洞

clearml is a large model pipeline tool for allegroai individual developers. A security vulnerability exists in clearml version v2.0.1, which stems from improper handling of symbolic links and hard links by the safeextract function, which could lead to arbitrary file writes and remote code executi...

5.8CVSS6.5AI score0.00276EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-21995

Malicious code in bioql PyPI...

9.6CVSS8.6AI score0.0038EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-53883

Malicious code in bioql PyPI...

7.7CVSS8.9AI score0.00787EPSS
Exploits1References1
Rows per page
Query Builder