PYSEC-2022-300

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/label-studio/PYSEC-2022-300.yaml

Aliases

Published

2022-10-03T12:15:00Z

Modified

2023-11-08T04:10:03.128023Z

Details

A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling a remote attacker to create a new account and then exploit the SSRF.

References

Affected packages

PyPI / label-studio

Package

Name: label-studio

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.5.0.post0

Affected versions

0.*

0.4.0rc1

0.4.0rc2

0.4.0rc3

0.4.0rc4

0.4.0rc5

0.4.0rc6

0.4.0rc7

0.4.0rc8

0.4.1

0.4.2

0.4.3

0.4.4

0.4.4.post1

0.4.4.post2

0.4.5

0.4.6

0.4.6.post1

0.4.6.post2

0.4.7rc1

0.4.7rc2

0.4.7

0.4.8

0.5.0rc1

0.5.0

0.5.1

0.6.0rc1

0.6.0

0.6.1rc0

0.6.1

0.7.0rc0

0.7.0rc1

0.7.0rc2

0.7.0

0.7.1

0.7.2rc0

0.7.2rc1

0.7.2rc2

0.7.2rc3

0.7.2

0.7.3rc0

0.7.3rc1

0.7.3rc2

0.7.3rc3

0.7.3

0.7.4rc0

0.7.4rc1

0.7.4rc2

0.7.4rc3

0.7.4rc4

0.7.4

0.7.4.post0

0.7.4.post1

0.7.5rc0

0.7.5rc1

0.7.5rc2

0.7.5rc3

0.7.5rc4

0.7.5rc5

0.7.5rc6

0.7.5.post1

0.7.5.post2

0.8.0

0.8.0.post0

0.8.1rc0

0.8.1

0.8.1.post0

0.8.2

0.8.2.post0

0.9.0rc1

0.9.0rc2

0.9.0rc3

0.9.0rc4

0.9.0rc5

0.9.0

0.9.0.post2

0.9.0.post3

0.9.0.post4

0.9.0.post5

0.9.1rc0

0.9.1

0.9.1.post0

0.9.1.post1

0.9.1.post2

1.*

1.0.0rc0

1.0.0rc1

1.0.0rc2

1.0.0rc3

1.0.0rc4

1.0.0rc5

1.0.0rc6

1.0.0rc7

1.0.0rc8

1.0.0

1.0.0.post0

1.0.0.post1

1.0.0.post2

1.0.0.post3

1.0.1rc0

1.0.1rc1

1.0.1

1.0.2rc0

1.0.2rc1

1.0.2rc3

1.0.2

1.0.2.post0

1.1.0rc0

1.1.0rc1

1.1.0rc2

1.1.0

1.1.1rc0

1.1.1

1.2rc0

1.2rc1

1.2rc2

1.2rc3

1.2

1.3rc0

1.3rc1

1.3rc2

1.3rc3

1.3rc4

1.3

1.3.post0

1.3.post1

1.4rc0

1.4rc1

1.4rc2

1.4rc3

1.4rc5

1.4rc6

1.4

1.4.1rc0

1.4.1rc1

1.4.1rc2

1.4.1rc3

1.4.1rc4

1.4.1rc5

1.4.1

1.4.1.post0

1.4.1.post1

1.4.2rc0

1.5.0rc0

1.5.0rc1

1.5.0rc2

1.5.0rc3

1.5.0rc4

1.5.0rc5

1.5.0rc6

1.5.0rc7

1.5.0rc8

1.5.0rc9

1.5.0rc10

1.5.0rc11

1.5.0rc12

1.5.0