Label Studio Security Vulnerabilities and Issues — Label Studio CVE List

Lucene search

HumansignalLabel Studio

3 matches found

CVE•added 2024/01/24 12:15 a.m.•72 views

CVE-2024-23633

Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious Java...

6.1CVSS6.3AI score0.00111EPSS

CVE•added 2024/01/23 11:15 p.m.•37 views

CVE-2023-47115

Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary...

7.1CVSS5.1AI score0.02251EPSS

CVE•added 2024/01/31 5:15 p.m.•31 views

CVE-2023-47116

Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the SSRF_PROTECTION_ENABLED environment variable can be bypassed to access...

5.3CVSS5.1AI score0.00208EPSS