5 matches found
Heartex Label Studio Server-Side Request Forgery Vulnerability
Label Studio is an open source data labeling tool from Heartex. Heartex Label Studio Community Edition 1.5.0 and previous versions contain a server-side request forgery vulnerability that stems from a failure to properly validate user input in the data import module, which could be exploited by a...
GHSA-PC6F-259W-W3J6 Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module
A Server Side Request Forgery SSRF in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling...
Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module
A Server Side Request Forgery SSRF in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling...
CVE-2022-36551
A Server Side Request Forgery SSRF in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling...
PYSEC-2022-300
A Server Side Request Forgery SSRF in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling...