2 matches found
Server Side Request Forgery (SSRF)
labelstudio is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to the lack of proper validation or restrictions on the custom S3 endpoint URL, allowing an attacker to send HTTP requests to arbitrary internal services by specifying them as the S3 endpoint...
Server-side Request Forgery (SSRF)
Overview label-studio is a Label Studio annotation tool Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the s3endpoint parameter due to improper input validation. An attacker can make the application send HTTP requests to arbitrary internal services by...