
4 matches found

CVE
added 2025/02/14 8:15 p.m., 98 views

CVE-2025-25297

Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's S3 storage integration feature contains a Server-Side Request Forgery (SSRF) vulnerability in its endpoint configuration. When creating an S3 storage connection, the application allows users to specify a cust...

CVSS: 8.6, AI score: 7, EPSS: 0.00076

CVE
added 2025/02/14 8:15 p.m., 75 views

CVE-2025-25296

Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted label_config query parameter. By crafting a specially formatted XML label config with i...

CVSS: 6.1, AI score: 6.8, EPSS: 0.01402

CVE
added 2025/02/14 5:15 p.m., 60 views

CVE-2025-25295

Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a downloa...

CVSS: 8.7, AI score: 6.3, EPSS: 0.00162

CVE
added 2025/05/14 11:15 p.m., 39 views

CVE-2025-47783

Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf of the user, and other attacks....

CVSS: 7.6, AI score: 7, EPSS: 0.0007