PyPI/clearml — 4 CVEs

HIGH8.8CVE-2024-24591Allegro AI ClearML path traversal vulnerability

>= 0.17.0, <= 1.14.1

HIGH8.8CVE-2024-24590Allegro AI ClearML vulnerable to deserialization of untrusted data

>= 0.17.0, <= 1.14.1

MEDIUM6.0CVE-2024-24595Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance

from 0, <= 1.14.2

MEDIUM5.8clearml is vulnerable to Path Traversal through its `safe_extract` function

from 0, < 2.0.2

pkg:PyPI/clearml