CVE-2022-31188

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-31188
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31188.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-31188
Aliases
  • GHSA-7vpj-j5xv-29pr
Published
2022-08-01T20:15:08Z
Modified
2024-09-03T04:18:04.260273Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

CVAT is an open source interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a server-side request forgery (SSRF) vulnerability. Validation has been added to URLs used in the affected code path in version 2.0.0. Users are advised to upgrade. There are no known workarounds for this issue.

References

Affected packages

Git / github.com/cvat-ai/cvat

Affected ranges

Type
GIT
Repo
https://github.com/cvat-ai/cvat
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/opencv/cvat
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.1.0
0.1.1
0.1.2
0.2.0

v0.*

v0.3.0
v0.4.0
v0.4.1
v0.5.0
v0.5.1
v0.5.2
v0.6.0
v0.6.1

v1.*

v1.0.0
v1.0.0-alpha
v1.0.0-beta.1
v1.0.0-beta.2
v1.1.0
v1.1.0-alpha
v1.1.0-beta
v1.2.0
v1.2.0-beta
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.7.0

v2.*

v2.0.0-alpha