Lucene search

CVE-2024-23633

🗓️ 24 Jan 2024 00:08:15Reported by GoogleType

osv🔗 osv.dev👁 12 Views

Label Studio remote import feature allows remote web source data import, allowing execution of malicious JavaScript code. Vulnerable versions prior to 1.10.1 could lead to server side request forgery and Django Super Administrator user addition.

Reporter	Title	Published	Views	Family All 8
Veracode	Cross Site Scripting (XSS)	24 Jan 202411:25	–	veracode
Cvelist	CVE-2024-23633 Label Studio XSS Vulnerability on Data Import	23 Jan 202423:15	–	cvelist
Prion	Server side request forgery (ssrf)	24 Jan 202400:15	–	prion
CVE	CVE-2024-23633	24 Jan 202400:15	–	cve
NVD	CVE-2024-23633	24 Jan 202400:15	–	nvd
Vulnrichment	CVE-2024-23633 Label Studio XSS Vulnerability on Data Import	23 Jan 202423:15	–	vulnrichment
OSV	Cross-site Scripting Vulnerability on Data Import	24 Jan 202414:21	–	osv
Github Security Blog	Cross-site Scripting Vulnerability on Data Import	24 Jan 202414:21	–	github

Source	Link
github	www.github.com/HumanSignal/label-studio/security/advisories/GHSA-fq23-g58m-799r
developer	www.developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox
github	www.github.com/HumanSignal/label-studio/blob/1.9.2.post0/label_studio/data_import/api.py
github	www.github.com/HumanSignal/label-studio/blob/1.9.2.post0/label_studio/data_import/uploader.py

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

24 Jan 2024 00:15Current

6.4Medium risk

Vulners AI Score6.4

CVSS34.7 - 6.1

EPSS0.00103

SSVC