10 matches found
EUVD-2024-21995
Malicious code in bioql PyPI...
EUVD-2024-21996
Malicious code in bioql PyPI...
EUVD-2024-21994
Malicious code in bioql PyPI...
EUVD-2024-0670
Malicious code in bioql PyPI...
ClearML Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible ClearML instance on the target application. ClearML is an infrastructure platform for AI builders. This detection is included in the AI and LLM category. No source data...
CVE-2024-24594
A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in all versions up to 1.14.1 of the API server component of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted HTML. Exploitation of the vulnerability allows an attacker to...
CVE-2024-24591
A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with...
CVE-2024-24590
Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with...
PT-2024-20472 · Allegro Ai · Clearml
Name of the Vulnerable Software and Affected Versions: Allegro AI’s ClearML platform versions 0.17.0 through 1.14.2 Description: Deserialization of untrusted data can occur in the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end...