Server-side Request Forgery (SSRF) Affecting label-studio package, versions [,1.16.0)
Threat Intelligence
Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsSnyk Learn
Learn about Server-side Request Forgery (SSRF) vulnerabilities in an interactive lesson.
Start learning- Snyk IDSNYK-PYTHON-LABELSTUDIO-8730847
- published16 Feb 2025
- disclosed14 Feb 2025
- creditxbow-security
Introduced: 14 Feb 2025
NewCVE-2025-25297 (opens in a new tab)How to fix?
Upgrade label-studio to version 1.16.0 or higher.
Overview
label-studio is a Label Studio annotation tool
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the s3_endpoint parameter due to improper input validation. An attacker can make the application send HTTP requests to arbitrary internal services by specifying them as the S3 endpoint.
Workaround
Implement strict validation of S3 endpoint URLs to allow only valid S3 service endpoints, add an allowlist of endpoint domains and protocols, sanitize error messages to prevent leakage of sensitive information from failed requests, and consider implementing network-level controls to restrict outbound connections from the application server.
PoC
{
"project": 1,
"title": "Test Storage",
"bucket": "<filename>",
"s3_endpoint": "http://internal-web",
"use_blob_urls": true,
"aws_access_key_id": "test",
"aws_secret_access_key": "test"
}