2 matches found
CVE-2022-31188
CVAT (CVE-2022-31188) contains a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 2.0.0, tied to URL handling without proper validation. Version 2.0.0 introduced input validation in the affected code path, and users are advised to upgrade to 2.0.0 or later. There are no docum...
CVE-2024-47172
CVAT vulnerability (CVE-2024-47172) : Multiple connected sources confirm that CVAT (Computer Vision Annotation Tool) versions prior to 2.19.1 are affected. An attacker with a CVAT account can retrieve information about any project, task, job, or membership resource on the instance, mirroring data...