Lucene search
+L

5 matches found

cnvd
cnvd
added 2022/10/11 12:0 a.m.33 views

Heartex Label Studio Server-Side Request Forgery Vulnerability

Label Studio is an open source data labeling tool from Heartex. Heartex Label Studio Community Edition 1.5.0 and previous versions contain a server-side request forgery vulnerability that stems from a failure to properly validate user input in the data import module, which could be exploited by a...

6.5CVSS2.4AI score0.05141EPSS
Exploits3References1
osv
osv
added 2022/10/04 12:0 a.m.26 views

GHSA-PC6F-259W-W3J6 Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module

A Server Side Request Forgery SSRF in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling...

7.1CVSS6.2AI score0.05141EPSS
Exploits3References9
github
github
added 2022/10/04 12:0 a.m.29 views

Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module

A Server Side Request Forgery SSRF in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling...

6.5CVSS6.2AI score0.05141EPSS
Exploits3References9Affected Software1
nvd
nvd
added 2022/10/03 12:15 p.m.20 views

CVE-2022-36551

A Server Side Request Forgery SSRF in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling...

6.5CVSS0.05141EPSS
Exploits3References3
osv
osv
added 2022/10/03 12:15 p.m.22 views

PYSEC-2022-300

A Server Side Request Forgery SSRF in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling...

6.5CVSS4.8AI score0.05141EPSS
Exploits3References5
Rows per page
Query Builder