114 matches found
CVE-2026-8387
A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...
CVE-2026-8387
A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...
CVE-2026-8387
CVE-2026-8387 : A vulnerability in allegroai/clearml up to version 1.16.5 permits relative path traversal when extracting ZIP archives via ZipFile.extractall() in StorageManager._extract_to_cache(). The missing path validation allows an attacker to write arbitrary files to the filesystem, with at...
EUVD-2026-40957
A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...
Malicious code in clearml-truen-patch (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 868fbff2db730a4a67f808b6c9bd35aa78392be592adb2d66d6be659772610f6 This package is published as clearml-truen-patch but its PKG-INFO/setup.py declare Author=ClearML, [email protected], and...
CVE-2025-8917
A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the safeextract function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical fil...
PT-2025-41182
🟠 ClearML Path Traversal Vulnerability CVE-2025-45403 Moderate https://t.co/AwPuWdbUZK...
Directory Traversal
Overview clearml is a ClearML - Auto-Magical Experiment Manager, Version Control, and MLOps for AI Affected versions of this package are vulnerable to Directory Traversal via the safeextract function. An attacker can write arbitrary files outside the intended directory by exploiting improper...
GHSA-579P-QF78-FQM2 clearml is vulnerable to Path Traversal through its `safe_extract` function
A vulnerability in clearml versions before 2.0.2 allows for path traversal due to improper handling of symbolic and hard links in the safeextract function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical files...
clearml-darknet-py (>=0.1.0 <=0.2.1), eml-scheduler (>=0.0.1 <=0.0.2) +10 more potentially affected by CVE-2025-8917 via clearml (>=0.17.4 <=1.8.0)
clearml PYPI version =0.17.4, =0.1.0, =0.0.1, =0.1.202405161324, =0.0.1, =0.6.0, =0.7.0, =0.0.0, =1.4.8 Source cves: CVE-2025-8917 Source advisory: OSV:GHSA-579P-QF78-FQM2...
EUVD-2025-32454
A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the safeextract function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical fil...
clearml is vulnerable to Path Traversal through its `safe_extract` function
A vulnerability in clearml versions before 2.0.2 allows for path traversal due to improper handling of symbolic and hard links in the safeextract function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical files...
CVE-2025-8917
A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the safeextract function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical fil...
CVE-2025-8917 Path Traversal Leading to Remote Code Execution in allegroai/clearml
A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the safeextract function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical fil...
CVE-2025-8917 Path Traversal Leading to Remote Code Execution in allegroai/clearml
A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the safeextract function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical fil...
CVE-2025-8917 Path Traversal Leading to Remote Code Execution in allegroai/clearml
A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the safeextract function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code execution if critical fil...
CVE-2025-8917
Path traversal vulnerability in allegroai/clearml v2.0.1 due to unsafe handling of symbolic and hard links in safe_extract. This can lead to arbitrary file writes outside the target directory and potentially remote code execution if critical files are overwritten. Remediation per multiple sources...
clearml 安全漏洞
clearml is a large model pipeline tool for allegroai individual developers. A security vulnerability exists in clearml version v2.0.1, which stems from improper handling of symbolic links and hard links by the safeextract function, which could lead to arbitrary file writes and remote code executi...
EUVD-2024-21995
Malicious code in bioql PyPI...
EUVD-2024-53883
Malicious code in bioql PyPI...