Share
## https://sploitus.com/exploit?id=FCB79465-1767-5AE8-A21E-6C8FE89E0F66
```

   _____ _                 __  __ _        _____   ____   _____ 
  / ____| |               |  \/  | |      |  __ \ / __ \ / ____|
 | |    | | ___  __ _ _ __| \  / | |      | |__) | |  | | |     
 | |    | |/ _ \/ _` | '__| |\/| | |      |  ___/| |  | | |     
 | |____| |  __/ (_| | |  | |  | | |____  | |    | |__| | |____ 
  \_____|_|\___|\__,_|_|  |_|  |_|______| |_|     \____/ \_____| - 2024-24590 x OxyDe
                                                                
                                                                

```


# ClearML Pickle Artifact Upload PoC

This project demonstrates how to dynamically upload a pickle artifact to ClearML with configurable parameters via command line arguments. 
The script initializes a ClearML task, dynamically configures a command for reverse shell execution, and uploads it as an artifact. (PoC-CVE-2024-24590)

Referer : https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/


## Prerequisites

- Python 3.6+
- `clearml` package
- `argparse` package
- `pickle` package
- `os` module

## Installation

1. Install ClearML package:
    ```bash
    pip install clearml
    ```

2. Clone the repository:
    ```bash
    git clone https://github.com/OxyDeV2/PoC-CVE-2024-24590.git
    cd PoC-CVE-2024-24590
    ```



## Usage

To run the script, use the following command with the appropriate arguments:

```bash
python script.py --project_name "<project_name>" --task_name "<task_name>" --tags <tag1> <tag2> ... --artifact_name "<artifact_name>" --ip "<ip_address>" --port "<port>"
```

Thanks to Skriix :)