3 matches found
CVE-2025-25297
Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's S3 storage integration feature contains a Server-Side Request Forgery SSRF vulnerability in its endpoint configuration. When creating an S3 storage connection, the application allows users to specify a cust...
CVE-2025-25297
Label Studio (Open Source) contains a CVE-2025-25297 SSRF in the S3 storage endpoint configuration prior to version 1.16.0. The s3_endpoint parameter is passed directly to the boto3 AWS SDK without validation, allowing an authenticated user to trigger HTTP requests to arbitrary internal services ...
Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint
Description Label Studio's S3 storage integration feature contains a Server-Side Request Forgery SSRF vulnerability in its endpoint configuration. When creating an S3 storage connection, the application allows users to specify a custom S3 endpoint URL via the s3endpoint parameter. This endpoint U...