-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
PythonPythonMiggo AIRoot Cause AnalysisThe vulnerability description explicitly references unsafe deserialization occurring when interacting with artifacts via the client SDK. The HiddenLayer research blog specifically identifies the Artifact.get() method as the vulnerable entry point that triggers pickle deserialization. While exact file paths aren't disclosed in public sources, the Artifact class handling is core to the package's artifact management functionality, and the method's purpose aligns with the described attack vector of malicious artifact interaction.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| clearml | pip | >= 0.17.0, <= 1.14.1 |
Ongoing coverage of React2Shell