Lucene search
+L

5 matches found

CNVD
CNVD
added 2022/10/11 12:0 a.m.41 views

Heartex Label Studio Server-Side Request Forgery Vulnerability

Label Studio is an open source data labeling tool from Heartex. Heartex Label Studio Community Edition 1.5.0 and previous versions contain a server-side request forgery vulnerability that stems from a failure to properly validate user input in the data import module, which could be exploited by a...

6.5CVSS2.4AI score0.05141EPSS
Exploits3References1
Github Security Blog
Github Security Blog
added 2022/10/04 12:0 a.m.29 views

Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module

A Server Side Request Forgery SSRF in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling...

6.5CVSS6.2AI score0.05141EPSS
Exploits3References9Affected Software1
OSV
OSV
added 2022/10/04 12:0 a.m.28 views

GHSA-PC6F-259W-W3J6 Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module

A Server Side Request Forgery SSRF in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling...

7.1CVSS6.2AI score0.05141EPSS
Exploits3References9
NVD
NVD
added 2022/10/03 12:15 p.m.20 views

CVE-2022-36551

A Server Side Request Forgery SSRF in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling...

6.5CVSS0.05141EPSS
Exploits3References3
OSV
OSV
added 2022/10/03 12:15 p.m.23 views

PYSEC-2022-300

A Server Side Request Forgery SSRF in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling...

6.5CVSS4.8AI score0.05141EPSS
Exploits3References5
Rows per page
Query Builder