Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-24590 PoC — Allegro 代码问题漏洞

Source
https://github.com/DemonPandaz2763/CVE-2024-24590
Associated Vulnerability
Title:Allegro 代码问题漏洞 (CVE-2024-24590)
Description:Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.
Description
Another CVE-2024-24590 poc
Readme
NOTE: this cve was not found by me, i'm simply reuploading a poc. The original documentation can be found here: https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/

Make sure to change the netcat payload in the script. You may need a clearml agent.
File Snapshot

 [4.0K]  /data/pocs/f75747cc6047b197ddd7a4fe6efec38e57d344c3
├── [ 424]  exploit.py
└── [ 306]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →