Latest version: v1.16.5
| CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
|---|---|---|---|---|---|
| CVE-2022-29217 | 49693 |
Clearml 1.4.2rc0 updates its dependency 'pyjwt' requirement to versio… |
|
HIGH | 7.5 |
| CVE-2024-24591 | 65006 |
Clearml 1.14.2 fixes potential path traversal on file download. http… |
|
HIGH | 8.8 |
| CVE-2024-24595 | 66778 |
Allegro AI’s open-source version of ClearML stores passwords in plain… |
|
HIGH | 7.1 |
| CVE-2024-24593 | 66780 |
A cross-site request forgery (CSRF) vulnerability in all versions up … |
|
HIGH | 8.8 |
| PVE-2022-49700 | 49700 |
Clearml 1.0.6rc2 fixes unsafe Google Storage delete object. https://… |
|
- | - |
| PVE-2022-49701 | 49701 |
Clearml 0.17.5rc3 fixes unsafe call to set_active(). https://github.… |
|
- | - |
| CVE-2024-24590 | 65114 |
Clearml version 1.14.3 introduces a hash check for pickle files to ta… |
|
HIGH | 8.8 |
| CVE-2024-24594 | 66779 |
A cross-site scripting (XSS) vulnerability in all versions of the web… |
|
MEDIUM | 5.4 |
| CVE-2024-24592 | 66781 |
Lack of authentication in all versions of the fileserver component of… |
|
CRITICAL | 9.8 |