
15 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2021-30615

Malicious code in bioql PyPI...

5.5 CVSS | 5.8 AI score | 0.00052 EPSS
Exploits 0 | References 2
Cvelist
added 2025/02/14 7:24 p.m. | 12 views

CVE-2025-25296 Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint

Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted labelconfig query parameter. By crafting a specially formatted XML label config with...

6.1 CVSS | 0.20047 EPSS
Exploits 2 | References 2
CNNVD
added 2025/02/14 12:0 a.m. | 1 views

Label Studio Security Vulnerability

Label Studio is an open source data labeling tool from Heartex Open Source. It allows you to label data types such as audio, text, images, video, and time series using a straightforward UI and export to a variety of model formats. A security vulnerability exists in Label Studio versions prior to...

8.7 CVSS | 6.4 AI score | 0.00132 EPSS
Exploits 0 | References 3
Prion
added 2024/01/23 11:15 p.m. | 27 views

Cross site scripting

Label Studio is a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as an HTML file on the website. Executing arbitrary...

4.9 CVSS | 5.6 AI score | 0.04247 EPSS
Exploits 1 | References 5 | Affected Software 1
OSV
added 2023/11/13 9:15 p.m. | 8 views

PYSEC-2023-275

Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...

7.5 CVSS | 7.4 AI score | 0.70644 EPSS
Exploits 3 | References 2
Vulnrichment
added 2023/11/13 8:13 p.m. | 10 views

CVE-2023-47117 Object Relational Mapper Leak Vulnerability in Filtering Task in Label Studio

Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...

7.5 CVSS | 6.6 AI score | 0.70644 EPSS
Exploits 3 | References 2
PyPA
added 2023/11/09 3:15 p.m. | 5 views

PYSEC-2023-274

Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...

9.8 CVSS | 7 AI score | 0.00824 EPSS
Exploits 3 | References 5 | Affected Software 1
CNVD
added 2022/10/11 12:0 a.m. | 20 views

Heartex Label Studio Server-Side Request Forgery Vulnerability

Label Studio is an open source data labeling tool from Heartex. Heartex Label Studio Community Edition 1.5.0 and previous versions contain a server-side request forgery vulnerability that stems from a failure to properly validate user input in the data import module, which could be exploited by a...

6.5 CVSS | 2.4 AI score | 0.09161 EPSS
Exploits 3 | References 1
CNNVD
added 2022/07/11 12:0 a.m. | 2 views

s3label Path Traversal Vulnerability

S3Label is an open source browser-based tool for quickly labeling images from Stone Three. A path traversal vulnerability exists in s3label on 2019-08-14 and prior versions, which stems from an unsafe use of Flask's sendfile function that allows absolute path traversal...

9.3 CVSS | 8.3 AI score | 0.00432 EPSS
Exploits 1 | References 2
OSV
added 2022/04/21 7:15 p.m. | 0 views

CVE-2021-43708

The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the generation of a classification label by using Excel's safe mode...

5.5 CVSS | 5.8 AI score | 0.00052 EPSS
Exploits 0 | References 1
NVD
added 2022/04/21 7:15 p.m. | 10 views

CVE-2021-43708

The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the generation of a classification label by using Excel's safe mode...

5.5 CVSS | 0.00052 EPSS
Exploits 0 | References 1
Prion
added 2022/04/21 7:15 p.m. | 11 views

Design/Logic Flaw

The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the generation of a classification label by using Excel's safe mode...

2.1 CVSS | 5.4 AI score | 0.00052 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2022/04/21 6:12 p.m. | 14 views

CVE-2021-43708

The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the generation of a classification label by using Excel's safe mode...

5.7 AI score | 0.00052 EPSS
Exploits 0 | References 1
CVE
added 2022/04/21 6:12 p.m. | 70 views

CVE-2021-43708

The CVE-2021-43708 entry concerns Titus Classification Suite version 18.8.1910.140. The issue centers on the labeling tool, where a user can avoid generating a classification label by leveraging Excel’s Safe Mode. Documents explicitly tie the vulnerability to a bypass of the label generation mech...

5.5 CVSS | 5.4 AI score | 0.00052 EPSS
Exploits 0 | References 1 | Affected Software 1
Kitploit
added 2020/01/02 11:30 a.m. | 120 views

AVCLASS++ - Yet Another Massive Malware Labeling Tool

AVCLASS++ is an appealing complement to AVCLASS 1, a state-of-the-art malware labeling tool. Overview AVCLASS++ is a labeling tool for creating a malware dataset. Addressing malware threats requires constant efforts to create and maintain a dataset. Especially, labeling malware samples is a vital...

6.8 AI score
Exploits 0 | References 2