CVE-2024-24590 PoC — Allegro 代码问题漏洞

Source

https://github.com/sviim/ClearML-CVE-2024-24590

Associated Vulnerability

Title:Allegro 代码问题漏洞 (CVE-2024-24590)
Description:Allegro是Allegro开源的一个主要针对视频游戏和多媒体编程的跨平台库。 Allegro AI ClearML 0.17.0版本及之后版本存在代码问题漏洞，该漏洞源于不可信数据反序列化。攻击者利用该漏洞可以执行任意代码。

Description

With this script you can exploit the CVE-2024-24590

Readme

# Clearml-CVE-2024-24590

CVE-2024-24590 is a vulnerability that can be exploited when there is improper deserialization on the server side, in this case, Clearml.

When an attacker creates a malicious Pickle file, they can execute arbitrary code on the victim who deserializes the Pickle file, which can escalate to a reverse shell for remote command execution.


Don't forget to install clearml lib
``` 
python -m venv .g
source .g/bin/activate/
pip install clearml
```

File Snapshot


 [4.0K]  /data/pocs/3c6e9ee3778b52b13ca6eccfe1da4c4e424620f2
├── [ 473]  README.md
└── [ 786]  scriptls.py

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!