Lucene search
+L

179 matches found

cvelist
cvelist
added 2024/01/31 4:21 p.m.53 views

CVE-2023-47116 Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections

Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the SSRFPROTECTIONENABLED environment variable can be bypassed to access...

5.3CVSS5.4AI score0.00737EPSS
Exploits1References3
osv
osv
added 2024/01/31 4:21 p.m.28 views

CVE-2023-47116 Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections

Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the SSRFPROTECTIONENABLED environment variable can be bypassed to access...

5.3CVSS5.2AI score0.00737EPSS
Exploits1References5
cnnvd
cnnvd
added 2024/01/31 12:0 a.m.37 views

Label Studio 代码问题漏洞

Label Studio is an open source data labeling tool from Heartex Open Source. Allows you to use a simple and clear UI mark audio, text, images, video and time series and other data types , and exported to a variety of model formats . A code issue vulnerability exists in Label Studio versions prior ...

5.3CVSS6.1AI score0.00737EPSS
Exploits1References4
osv
osv
added 2024/01/24 2:21 p.m.33 views

GHSA-FQ23-G58M-799R Cross-site Scripting Vulnerability on Data Import

Introduction This write-up describes a vulnerability found in Label Studio, a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.10.1 and was tested on version 1.9.2.post0. Overview Label Studio had a remote import feature allowed users to...

4.7CVSS5.5AI score0.00592EPSS
Exploits0References7
osv
osv
added 2024/01/24 2:21 p.m.28 views

GHSA-Q68H-XWQ5-MM7X Cross-site Scripting Vulnerability on Avatar Upload

Introduction This write-up describes a vulnerability found in Label Studio, a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.9.2 and was tested on version 1.8.2. Overview Label Studio has a cross-site scripting XSS vulnerability that coul...

7.1CVSS6AI score0.01448EPSS
Exploits1References8
veracode
veracode
added 2024/01/24 11:25 a.m.22 views

Cross Site Scripting (XSS)

labelstudio is vulnerable to Cross Site Scripting XSS. The vulnerability is due to not sanitizing/validating the HTML/JavaScript file that was downloaded from the import data feature from a remote web resource. An attacker can exploit this to download a HTML file that executes malicious JavaScrip...

6.1CVSS6.5AI score0.00592EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2024/01/24 12:15 a.m.33 views

CVE-2024-23633

Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...

6.1CVSS5.3AI score0.00592EPSS
Exploits0References4
osv
osv
added 2024/01/24 12:15 a.m.13 views

PYSEC-2024-128

Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...

6.1CVSS6.3AI score0.00592EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2024/01/23 11:15 p.m.28 views

CVE-2024-23633 Label Studio XSS Vulnerability on Data Import

Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...

4.7CVSS6.9AI score0.00592EPSS
Exploits0References4
cve
cve
added 2024/01/23 11:15 p.m.91 views

CVE-2024-23633

CVE-2024-23633 affects Label Studio (open‑source data labeling tool) prior to version 1.10.1. The issue arises in the remote import feature: when a URL is fetched, the server uses the URL’s filename and returns a file via an API, with the response content type determined by the file’s extension (...

6.1CVSS6.3AI score0.00592EPSS
Exploits0References4Affected Software1
osv
osv
added 2024/01/23 11:15 p.m.29 views

CVE-2024-23633 Label Studio XSS Vulnerability on Data Import

Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...

4.7CVSS6.3AI score0.00592EPSS
Exploits0References6
pypa
pypa
added 2024/01/23 11:15 p.m.8 views

PYSEC-2024-126

Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary...

7.1CVSS5.9AI score0.01448EPSS
Exploits1References6Affected Software1
osv
osv
added 2024/01/23 10:49 p.m.26 views

CVE-2023-47115 Label Studio XSS Vulnerability on Avatar Upload

Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary...

7.1CVSS5.5AI score0.01448EPSS
Exploits1References7
cve
cve
added 2024/01/23 10:49 p.m.71 views

CVE-2023-47115

CVE-2023-47115 : Label Studio before version 1.9.2 contains an XSS vulnerability via avatar upload. The vulnerability stems from the avatar handling in label_studio/users/functions.py, which only validates that the uploaded file is an image by checking dimensions; it does not securely validate th...

7.1CVSS5.1AI score0.01448EPSS
Exploits1References5Affected Software1
vulnrichment
vulnrichment
added 2024/01/23 10:49 p.m.5 views

CVE-2023-47115 Label Studio XSS Vulnerability on Avatar Upload

Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary...

7.1CVSS5.6AI score0.01448EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2024/01/23 12:0 a.m.3 views

PT-2024-13407 · Django +1 · Django +1

Name of the Vulnerable Software and Affected Versions: Label Studio versions prior to 1.9.2 Description: The issue is a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the...

7.1CVSS5.6AI score0.01448EPSS
Exploits1References11
cnnvd
cnnvd
added 2024/01/23 12:0 a.m.7 views

Label Studio Cross-Site Scripting Vulnerability

Label Studio is an open source data labeling tool from Heartex Open Source. Allows you to use a simple and clear UI mark audio, text, images, video and time series and other data types , and exported to a variety of model formats. A cross-site scripting vulnerability exists in Label Studio versio...

6.1CVSS6.1AI score0.00592EPSS
Exploits0References6
cnnvd
cnnvd
added 2024/01/23 12:0 a.m.6 views

Label Studio Cross-Site Scripting Vulnerability

Label Studio is an open source data labeling tool from Heartex Open Source. Allows you to use a simple and clear UI mark audio, text, images, video and time series and other data types , and exported to a variety of model formats. A cross-site scripting vulnerability exists in Label Studio versio...

7.1CVSS6AI score0.01448EPSS
Exploits1References7
osv
osv
added 2023/11/14 6:27 p.m.34 views

GHSA-6HJJ-GQ77-J4QW Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task

Introduction This write-up describes a vulnerability found in Label Studio, a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.9.2post0 and was tested on version 1.8.2. Overview In all current versions of Label Studio, the application allow...

7.5CVSS7.5AI score0.04055EPSS
Exploits3References5
github
github
added 2023/11/14 6:27 p.m.54 views

Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task

Introduction This write-up describes a vulnerability found in Label Studio, a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.9.2post0 and was tested on version 1.8.2. Overview In all current versions of Label Studio, the application allow...

7.5CVSS7AI score0.04055EPSS
Exploits3References5Affected Software1
Rows per page
Query Builder