Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
humansignal label studio vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-26152
### Summary On all Label Studio versions before 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a [`Choices`](https://labelstud.io/tags/choices) or [`Labels`](https://labelstud.io/tags/labels) tag, resulting in an XSS vulnera...
5.3
CVSSv3
CVE-2023-47116
Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio before 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the `SSRF_PROTECTION_ENABLED` environment variable c...
Humansignal Label Studio
6.1
CVSSv3
CVE-2024-23633
Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that exec...
Humansignal Label Studio
5.4
CVSSv3
CVE-2023-47115
Label Studio is an a popular open source data labeling tool. Versions before 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Ex...
Humansignal Label Studio
7.5
CVSSv3
CVE-2023-47117
Label Studio is an open source data labeling tool. In all current versions of Label Studio before 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all use...
Humansignal Label Studio 1.9.2
Humansignal Label Studio
8.8
CVSSv3
CVE-2023-43791
Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate t...
Humansignal Label Studio
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started