label-studio@1.10.0 vulnerabilities
Label Studio annotation tool
- latest version: 1.12.0.post0
- latest non vulnerable version
- first published: 4 years ago
- latest version published: 7 days ago
- licenses detected
  - [1.1.0rc0,)

Direct Vulnerabilities
Known vulnerabilities in the label-studio package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version |
---|---|
label-studio is a Label Studio annotation tool. Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') due to improper sanitization of data imported via the file upload feature before rendering within a Note: This is only exploitable if the attacker has permission to use the "data import" function. How to fix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')? Upgrade | [,1.11.0) |
label-studio is a Label Studio annotation tool. Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) via the How to fix Server-Side Request Forgery (SSRF)? Upgrade | [,1.11.0) |
label-studio is a Label Studio annotation tool. Affected versions of this package are vulnerable to Cross-site Scripting via the remote import feature, which allowed users to import data from a remote web source. An attacker can execute malicious JavaScript code in the context of the website by crafting a payload that, when visited, performs unauthorized actions such as adding a new super administrator user. Note: An attacker can craft a JavaScript payload that adds a new Django Super Administrator user if a Django administrator visits the image. This may have a high impact on the subsequent system. How to fix Cross-site Scripting? Upgrade | [,1.10.1) |