From e506831599bd8e072e5e54266abfccdfbe4be2ac Mon Sep 17 00:00:00 2001
From: allegroai <>
Date: Fri, 9 Feb 2024 18:13:08 +0200
Subject: [PATCH] Add hash check for pickle files (CVE-2024-24590)

---
 clearml/binding/artifacts.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/clearml/binding/artifacts.py b/clearml/binding/artifacts.py
index 5577bf24..99d02668 100644
--- a/clearml/binding/artifacts.py
+++ b/clearml/binding/artifacts.py
@@ -203,6 +203,10 @@ def get(self, force_download=False, deserialization_function=None):
 with open(local_file, "rt") as f:
 self._object = f.read()
 elif self.type == "pickle":
+ if self.hash:
+ file_hash, _ = sha256sum(local_file, block_size=Artifacts._hash_block_size)
+ if self.hash != file_hash:
+ raise Exception("incorrect pickle file hash, artifact file might be corrupted")
 with open(local_file, "rb") as f:
 self._object = pickle.load(f)
 except Exception as e:
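Review bot: The new `raise Exception(...)` on a hash mismatch is thrown inside the same `try` whose `except Exception as e:` handler closes the hunk, so the integrity failure takes the same path as any ordinary load error, and whether it aborts the call or is merely logged depends on that handler, which lies outside the hunk (the enclosing `get` starts before line 203 and continues after it). A dedicated type, e.g. `class ArtifactHashMismatchError(Exception): ...`, raised here and re-raised explicitly by that handler would make the mismatch unmistakable to callers instead of blending into the generic path. The check is also skipped entirely when `self.hash` is empty, so an artifact with no recorded hash is still unpickled unverified; a log line at that branch noting the skipped check would make the fallback visible. A short comment above the new block, `# verify the downloaded file against the recorded hash before unpickling it`, would also record why the check sits here rather than in the download step.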