Allegroai Clearml
Monthly
Zip slip (relative path traversal) in ClearML's StorageManager._extract_to_cache() allows a network-positioned attacker to write arbitrary files to the host filesystem, with confirmed RCE potential via cron job injection, SSH authorized_keys overwrite, or web shell deployment. Affected are all versions up to and including 1.16.5; the official CVSS score of 2.4 with I:L severely understates the real-world impact given the documented RCE paths. No KEV listing and no EPSS data were provided, but the presence of a public bounty report and a confirmed fix commit indicates the issue is verified. The fix is available in version 2.1.6.
Zip slip (relative path traversal) in ClearML's StorageManager._extract_to_cache() allows a network-positioned attacker to write arbitrary files to the host filesystem, with confirmed RCE potential via cron job injection, SSH authorized_keys overwrite, or web shell deployment. Affected are all versions up to and including 1.16.5; the official CVSS score of 2.4 with I:L severely understates the real-world impact given the documented RCE paths. No KEV listing and no EPSS data were provided, but the presence of a public bounty report and a confirmed fix commit indicates the issue is verified. The fix is available in version 2.1.6.