3 matches found
CVE-2026-42147 Coolify: SSRF via S3 Storage Endpoint in testConnection()
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, S3 storage endpoint validation only checks URL format and testConnection sends a server-side request to the configured endpoint, allowing an authenticated user with storage...
Server Side Request Forgery (SSRF)
labelstudio is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to the lack of proper validation or restrictions on the custom S3 endpoint URL, allowing an attacker to send HTTP requests to arbitrary internal services by specifying them as the S3 endpoint...
Server-side Request Forgery (SSRF)
Overview label-studio is a Label Studio annotation tool Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the s3endpoint parameter due to improper input validation. An attacker can make the application send HTTP requests to arbitrary internal services by...