label-studio@1.4.1.post1 vulnerabilities

Label Studio annotation tool

  • latest version: 1.17.0

  • first published: 5 years ago

  • latest version published: 12 days ago

  • Direct Vulnerabilities

    Known vulnerabilities in the label-studio package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version

    • [High] Directory Traversal

    label-studio is a Label Studio annotation tool

    Affected versions of this package are vulnerable to Directory Traversal via the download function due to improper input validation when processing image references during task exports. An attacker can access files outside the intended directory structure by creating tasks with path traversal sequences in the image field and then exporting them in VOC, COCO, or YOLO format.

    How to fix Directory Traversal?

    Upgrade label-studio to version 1.16.0 or higher.

    Vulnerable versions: [,1.16.0)

    • [Medium] Cross-site Scripting (XSS)


    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the /projects/upload-example endpoint due to improper sanitization of the input passed to the label_config query parameter.

    How to fix Cross-site Scripting (XSS)?

    Upgrade label-studio to version 1.16.0 or higher.

    Vulnerable versions: [,1.16.0)

    • [Medium] Server-side Request Forgery (SSRF)


    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the s3_endpoint parameter due to improper input validation. An attacker can make the application send HTTP requests to arbitrary internal services by specifying them as the S3 endpoint.

    How to fix Server-side Request Forgery (SSRF)?

    Upgrade label-studio to version 1.16.0 or higher.

    Vulnerable versions: [,1.16.0)

    • [Medium] Improper Input Validation


    Affected versions of this package are vulnerable to Improper Input Validation due to incomplete URL substring sanitization through the encodeSVG function.

    How to fix Improper Input Validation?

    Upgrade label-studio to version 1.12.1 or higher.

    Vulnerable versions: [,1.12.1)

    • [Medium] Improper Control of Interaction Frequency


    Affected versions of this package are vulnerable to Improper Control of Interaction Frequency in the /users/forms.py file. An attacker might submit an exceptionally long email address, potentially causing issues such as buffer overflows or denial of service (DoS) by consuming excessive resources.

    How to fix Improper Control of Interaction Frequency?

    Upgrade label-studio to version 1.5.0 or higher.

    Vulnerable versions: [,1.5.0)

    • [Medium] Arbitrary File Upload


    Affected versions of this package are vulnerable to Arbitrary File Upload due to improper security checks. This could lead to malicious files being uploaded.

    How to fix Arbitrary File Upload?

    Upgrade label-studio to version 1.8.0 or higher.

    Vulnerable versions: [,1.8.0)

    • [Medium] Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')


    Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') due to improper sanitization of data imported via the file upload feature before rendering within a Choices or Labels tag. An attacker can inject malicious scripts into the web page, which could be executed in the context of the user's browser session by uploading a file containing a payload.

    Note: This is only exploitable if the attacker has permission to use the "data import" function.

    How to fix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')?

    Upgrade label-studio to version 1.11.0 or higher.

    Vulnerable versions: [,1.11.0)

    • [Medium] Server-Side Request Forgery (SSRF)


    Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) via the validate_upload_url function. An attacker can bypass SSRF protections (SSRF_PROTECTION_ENABLED) and access internal web servers, potentially compromising the confidentiality of those servers by using HTTP redirection or performing a DNS rebinding attack.

    How to fix Server-Side Request Forgery (SSRF)?

    Upgrade label-studio to version 1.11.0 or higher.

    Vulnerable versions: [,1.11.0)

    • [High] Cross-site Scripting


    Affected versions of this package are vulnerable to Cross-site Scripting via the avatar image upload functionality. An attacker can execute arbitrary JavaScript and perform malicious actions if they upload a crafted image file that gets rendered as an HTML file on the website.

    Note: An attacker could craft a JavaScript payload that adds a new Django Super Administrator user when a Django administrator visits the image, which could have further impact on the system.

    How to fix Cross-site Scripting?

    Upgrade label-studio to version 1.9.2.post0 or higher.

    Vulnerable versions: [,1.9.2.post0)

    • [Medium] Cross-site Scripting


    Affected versions of this package are vulnerable to Cross-site Scripting via the remote import feature, which allows users to import data from a remote web source. An attacker can execute malicious JavaScript code in the context of the website by crafting a payload that, when visited, performs unauthorized actions such as adding a new super administrator user.

    Note: An attacker could craft a JavaScript payload that adds a new Django Super Administrator user when a Django administrator visits the image, which could have a high impact on the system.

    How to fix Cross-site Scripting?

    Upgrade label-studio to version 1.10.1 or higher.

    Vulnerable versions: [,1.10.1)

    • [High] Exposure of Sensitive Information to an Unauthorized Actor


    Affected versions of this package are vulnerable to Exposure of Sensitive Information to an Unauthorized Actor through the application's ability to set filters for filtering tasks. An attacker can construct a filter chain that filters tasks on sensitive fields of all user accounts on the platform by exploiting Django's Object Relational Mapper (ORM). Because the query results depend on the ORM filter, an attacker can leak these sensitive fields character by character. Furthermore, the application had a hard-coded secret key, so an attacker who leaks account password hashes through this ORM Leak vulnerability can forge a session token for any user.

    How to fix Exposure of Sensitive Information to an Unauthorized Actor?

    Upgrade label-studio to version 1.9.2.post0 or higher.

    Vulnerable versions: [,1.9.2.post0)

    • [Critical] Exposure of Sensitive Information to an Unauthorized Actor


    Affected versions of this package are vulnerable to Exposure of Sensitive Information to an Unauthorized Actor due to improper authentication sanitization. An attacker can forge session tokens for all users on Label Studio using the hard-coded SECRET_KEY.

    How to fix Exposure of Sensitive Information to an Unauthorized Actor?

    Upgrade label-studio to version 1.8.2 or higher.

    Vulnerable versions: [,1.8.2)

    • [High] Directory Traversal


    Affected versions of this package are vulnerable to Directory Traversal which allows unauthenticated attackers to read all files on /label_studio/core/.

    How to fix Directory Traversal?

    Upgrade label-studio to version 1.7.2 or higher.

    Vulnerable versions: [,1.7.2)

    • [Medium] Server-side Request Forgery (SSRF)


    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the Data Import module, which allows an authenticated user to access arbitrary files on the system.

    How to fix Server-side Request Forgery (SSRF)?

    Upgrade label-studio to version 1.6.0 or higher.

    Vulnerable versions: [,1.6.0)