Lucene search
Veracode Vulnerability DatabaseVERACODE:45391HistoryFeb 07, 2024 - 7:34 a.m.
Insecure Deserialisation
2024-02-0707:34:43
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
26
clearml
insecure deserialization
project api
malicious file
arbitrary code
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
7.2
Confidence
High
EPSS
0.001
Percentile
49.5%
clearml is vulnerable to Insecure Deserialisation. The vulnerability is due to Deserialisation of untrusted data. An attacker can upload a malicious pickle file via the project API to run arbitrary code on an end user’s system.
Related
prion
prion
Deserialization of untrusted data
2024-02-06 15:15:00
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Clear Clearml
2024-06-11 22:30:26
Exploit for Deserialization of Untrusted Data in Clear Clearml
2024-06-13 22:17:57
Exploit for Deserialization of Untrusted Data in Clear Clearml
2024-06-11 17:33:36
nvd
nvd
CVE-2024-24590
2024-02-06 15:15:09
github
github
Allegro AI ClearML vulnerable to deserialization of untrusted data
2024-02-06 15:32:06
osv
osv
Allegro AI ClearML vulnerable to deserialization of untrusted data
2024-02-06 15:32:06
cvelist
cvelist
CVE-2024-24590
2024-02-06 14:40:26
cve
cve
CVE-2024-24590
2024-02-06 15:15:09
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
7.2
Confidence
High
EPSS
0.001
Percentile
49.5%
Related for VERACODE:45391