label-studio@1.7.1 vulnerabilities

Label Studio annotation tool

Direct Vulnerabilities

Known vulnerabilities in the label-studio package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Improper Input Validation

label-studio is a Label Studio annotation tool

Affected versions of this package are vulnerable to Improper Input Validation due to incomplete URL substring sanitization through the encodeSVG function.

How to fix Improper Input Validation?

Upgrade label-studio to version 1.12.1 or higher.

[,1.12.1)
  • M
Arbitrary File Upload

label-studio is a Label Studio annotation tool

Affected versions of this package are vulnerable to Arbitrary File Upload due to improper security checks. This could lead to malicious files being uploaded.

How to fix Arbitrary File Upload?

Upgrade label-studio to version 1.8.0 or higher.

[,1.8.0)
  • M
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

label-studio is a Label Studio annotation tool

Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') due to improper sanitization of data imported via the file upload feature before rendering within a Choices or Labels tag. An attacker can inject malicious scripts into the web page, which could be executed in the context of the user's browser session by uploading a file containing a payload.

Note:

This is only exploitable if the attacker has permission to use the "data import" function.

How to fix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')?

Upgrade label-studio to version 1.11.0 or higher.

[,1.11.0)
  • M
Server-Side Request Forgery (SSRF)

label-studio is a Label Studio annotation tool

Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) via the validate_upload_url function. An attacker can bypass SSRF protections (SSRF_PROTECTION_ENABLED) and access internal web servers, potentially compromising the confidentiality of those servers by using HTTP redirection or performing a DNS rebinding attack.

How to fix Server-Side Request Forgery (SSRF)?

Upgrade label-studio to version 1.11.0 or higher.

[,1.11.0)
  • H
Cross-site Scripting

label-studio is a Label Studio annotation tool

Affected versions of this package are vulnerable to Cross-site Scripting via the avatar image upload functionality. An attacker can execute arbitrary JavaScript and perform malicious actions if they upload a crafted image file that gets rendered as an HTML file on the website.

Note: If an attacker can craft a JavaScript payload that adds a new Django Super Administrator user if a Django administrator visits the image. This could have subsequent system impact

How to fix Cross-site Scripting?

Upgrade label-studio to version 1.9.2.post0 or higher.

[,1.9.2.post0)
  • M
Cross-site Scripting

label-studio is a Label Studio annotation tool

Affected versions of this package are vulnerable to Cross-site Scripting via the remote import feature which allowed users to import data from a remote web source. An attacker can execute malicious JavaScript code in the context of the website by crafting a payload that, when visited, performs unauthorized actions such as adding a new super administrator user.

Note:

If an attacker can craft a JavaScript payload that adds a new Django Super Administrator user if a Django administrator visits the image. This may highly impact the subsequent system.

How to fix Cross-site Scripting?

Upgrade label-studio to version 1.10.1 or higher.

[,1.10.1)
  • H
Exposure of Sensitive Information to an Unauthorized Actor

label-studio is a Label Studio annotation tool

Affected versions of this package are vulnerable to Exposure of Sensitive Information to an Unauthorized Actor through the application's ability to set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper (ORM). As the results of the query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by character. Furthermore, the application had a hard coded secret key that an attacker can use to forge a session token of any user by exploiting this ORM Leak vulnerability to leak account password hashes.

How to fix Exposure of Sensitive Information to an Unauthorized Actor?

Upgrade label-studio to version 1.9.2.post0 or higher.

[,1.9.2.post0)
  • C
Exposure of Sensitive Information to an Unauthorized Actor

label-studio is a Label Studio annotation tool

Affected versions of this package are vulnerable to Exposure of Sensitive Information to an Unauthorized Actor due to improper authentication sanitization. An attacker can forge session tokens for all users on Label Studio using the hard coded SECRET_KEY.

How to fix Exposure of Sensitive Information to an Unauthorized Actor?

Upgrade label-studio to version 1.8.2 or higher.

[,1.8.2)
  • H
Directory Traversal

label-studio is a Label Studio annotation tool

Affected versions of this package are vulnerable to Directory Traversal which allows unauthenticated attackers to read all files on /label_studio/core/.

How to fix Directory Traversal?

Upgrade label-studio to version 1.7.2 or higher.

[,1.7.2)