6 matches found
CVE-2023-47116
Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the SSRFPROTECTIONENABLED environment variable can be bypassed to access...
CVE-2023-47116
Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the SSRFPROTECTIONENABLED environment variable can be bypassed to access...
CVE-2023-47116 Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections
Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the SSRFPROTECTIONENABLED environment variable can be bypassed to access...
CVE-2023-47116
Summary: CVE-2023-47116 affects Label Studio versions before 1.11.0 (tested on 1.8.2). The SSRF protection that is enabled via SSRF_PROTECTION_ENABLED can be bypassed because SSRF validation only checks a single DNS lookup before the request, and does not validate the final destination IP, allowi...
CVE-2023-47116 Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections
Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the SSRFPROTECTIONENABLED environment variable can be bypassed to access...
CVE-2023-47116
creationtimestamp| type| source ---|---|--- 2024-01-30 23:07:22+00:00| published-proof-of-concept| https://github.com/HumanSignal/label-studio/security/advisories/GHSA-p59w-9gqw-wj8r 2024-02-09 19:17:13+00:00| seen| https://t.me/ctinow/182203...