Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2022-36551

Published: 03/10/2022 Updated: 28/03/2023
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Label Studio

Vulnerability Summary

A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and previous versions allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling a remote malicious user to create a new account and then exploit the SSRF.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

heartex label studio

Exploits

Exploit DB: Label Studio 1.5.0 Server-Side Request Forgery
Label Studio versions 150 and below suffer from a server-side request forgery vulnerability ...

References

CWE-918http://heartex.comhttp://labelstud.iohttps://github.com/heartexlabs/label-studio/pull/2840http://packetstormsecurity.com/files/171548/Label-Studio-1.5.0-Server-Side-Request-Forgery.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/171548/Label-Studio-1.5.0-Server-Side-Request-Forgery.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client sideCVE-2023-31889template injectionCVE-2024-4304CVE-2006-4304CVE-2024-33272type confusionCVE-2024-21345CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook