2 matches found
CVE-2024-23633 Label Studio XSS Vulnerability on Data Import
Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...
CVE-2024-23633
CVE-2024-23633 affects Label Studio (open‑source data labeling tool) prior to version 1.10.1. The issue arises in the remote import feature: when a URL is fetched, the server uses the URL’s filename and returns a file via an API, with the response content type determined by the file’s extension (...