6 matches found
CVE-2026-8387
A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the `ZipFile.extractall` method in `StorageManager._extract_to_cache`. This issue arises due to the lack of path traversal validation, enabling an attacker to...
Directory Traversal
Overview: clearml is a ClearML - Auto-Magical Experiment Manager, Version Control, and MLOps for AI. Affected versions of this package are vulnerable to Directory Traversal via the `safe_extract` function. An attacker can write arbitrary files outside the intended directory by exploiting improper...
PT-2025-40805
Name of the Vulnerable Software and Affected Versions: allegroai/clearml version v2.0.1. Description: A flaw exists in the handling of symbolic and hard links within the safe extract function, leading to a path traversal issue. This can result in arbitrary file writes outside the intended directory...
Exploit for Deserialization of Untrusted Data in Clear Clearml
Clearml-CVE-2024-24590 CVE-2024-24590 is a vulnerability that...
erknextframegen (=0.0.1), modelcellsignaling (>=0.0.1 <=1.0.0) +1 more potentially affected by CVE-2024-24595 via clearml (>=0.17.4 <=1.10.4)
clearml PYPI version =0.17.4, =0.0.1, =0.2.19, =1.4.2 Source cves: CVE-2024-24595 Source advisory: OSV:GHSA-GVQV-H7HH-6FCC...
Allegro Path Traversal Vulnerability
Allegro is an open source cross-platform library from Allegro that focuses on video game and multimedia programming. A path traversal vulnerability exists in Allegro AI ClearML version 1.4.0 and later. An attacker can exploit this vulnerability to write a local or remote file to an arbitrary...