Vulnerability	Vulnerable Version
H Deserialization of Untrusted Data clearml is a ClearML - Auto-Magical Experiment Manager, Version Control, and MLOps for AI Affected versions of this package are vulnerable to Deserialization of Untrusted Data. An attacker can execute arbitrary code on an end user's system by uploading a malicious pickle file as an artifact that triggers the deserialization flaw when a user calls the `get` method within the `Artifact` class to download and load a file into memory. How to fix Deserialization of Untrusted Data? Upgrade `clearml` to version 1.14.3rc0 or higher.	[0.17.0,1.14.3rc0)
H Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') clearml is a ClearML - Auto-Magical Experiment Manager, Version Control, and MLOps for AI Affected versions of this package are vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') inside the `Datasets` class within the `_download_external_files` method. An attacker can upload a malicious dataset that can write local or remote files to an arbitrary location on the system when a user interacts with it. How to fix Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')? Upgrade `clearml` to version 1.14.2 or higher.	[,1.14.2)

Deserialization of Untrusted Data

clearml is a ClearML - Auto-Magical Experiment Manager, Version Control, and MLOps for AI

Affected versions of this package are vulnerable to Deserialization of Untrusted Data. An attacker can execute arbitrary code on an end user's system by uploading a malicious pickle file as an artifact that triggers the deserialization flaw when a user calls the get method within the Artifact class to download and load a file into memory.

How to fix Deserialization of Untrusted Data?

Upgrade clearml to version 1.14.3rc0 or higher.

[0.17.0,1.14.3rc0)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

clearml is a ClearML - Auto-Magical Experiment Manager, Version Control, and MLOps for AI

Affected versions of this package are vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') inside the Datasets class within the _download_external_files method. An attacker can upload a malicious dataset that can write local or remote files to an arbitrary location on the system when a user interacts with it.

How to fix Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')?

Upgrade clearml to version 1.14.2 or higher.

[,1.14.2)

Go back to all versions of this package