Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-24590 PoC — Allegro 代码问题漏洞

Source
https://github.com/xffsec/CVE-2024-24590-ClearML-RCE-Exploit
Associated Vulnerability
Title:Allegro 代码问题漏洞 (CVE-2024-24590)
Description:Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.
Readme
# CVE-2024-24590-ClearML-RCE-Exploit

Python script that exploits the vulnerability CVE-2024-24590 in ClearML, leveraging pickle file deserialization to execute arbitrary code.

![screenshot](_img/screenshot.png)

## Installation

**Install the required dependencies before proceeding**

Tested on Python 3.9+

### Clone the Repository

```sh
git clone https://github.com/xffsec/CVE-2024-24590-ClearML-RCE-Exploit.git
cd CVE-2024-24590-ClearML-RCE-Exploit
python3 exploit.py
```
File Snapshot

 [4.0K]  /data/pocs/2b4ff8f86a175d0629ec5e367bf43309e2813b4d
├── [5.2K]  exploit.py
├── [4.0K]  _img
│   └── [ 10K]  screenshot.png
├── [ 479]  README.md
└── [  27]  requirements.txt

1 directory, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →