PYSEC-2022-300

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/label-studio/PYSEC-2022-300.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2022-300

Aliases

Published

2022-10-03T12:15:00Z

Modified

2023-11-08T04:10:03.128023Z

Summary

[none]

Details

A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling a remote attacker to create a new account and then exploit the SSRF.

References

Affected packages

PyPI / label-studio

Package

Name: label-studio; View open source insights on deps.dev
Purl: pkg:pypi/label-studio

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.0.post0

Affected versions

0.*

0.4.0rc1

0.4.0rc2

0.4.0rc3

0.4.0rc4

0.4.0rc5

0.4.0rc6

0.4.0rc7

0.4.0rc8

0.4.1

0.4.2

0.4.3

0.4.4

0.4.4.post1

0.4.4.post2

0.4.5

0.4.6

0.4.6.post1

0.4.6.post2

0.4.7rc1

0.4.7rc2

0.4.7

0.4.8

0.5.0rc1

0.5.0

0.5.1

0.6.0rc1

0.6.0

0.6.1rc0

0.6.1

0.7.0rc0

0.7.0rc1

0.7.0rc2

0.7.0

0.7.1

0.7.2rc0

0.7.2rc1

0.7.2rc2

0.7.2rc3

0.7.2

0.7.3rc0

0.7.3rc1

0.7.3rc2

0.7.3rc3

0.7.3

0.7.4rc0

0.7.4rc1

0.7.4rc2

0.7.4rc3

0.7.4rc4

0.7.4

0.7.4.post0

0.7.4.post1

0.7.5rc0

0.7.5rc1

0.7.5rc2

0.7.5rc3

0.7.5rc4

0.7.5rc5

0.7.5rc6

0.7.5.post1

0.7.5.post2

0.8.0

0.8.0.post0

0.8.1rc0

0.8.1

0.8.1.post0

0.8.2

0.8.2.post0

0.9.0rc1

0.9.0rc2

0.9.0rc3

0.9.0rc4

0.9.0rc5

0.9.0

0.9.0.post2

0.9.0.post3

0.9.0.post4

0.9.0.post5

0.9.1rc0

0.9.1

0.9.1.post0

0.9.1.post1

0.9.1.post2

1.*

1.0.0rc0

1.0.0rc1

1.0.0rc2

1.0.0rc3

1.0.0rc4

1.0.0rc5

1.0.0rc6

1.0.0rc7

1.0.0rc8

1.0.0

1.0.0.post0

1.0.0.post1

1.0.0.post2

1.0.0.post3

1.0.1rc0

1.0.1rc1

1.0.1

1.0.2rc0

1.0.2rc1

1.0.2rc3

1.0.2

1.0.2.post0

1.1.0rc0

1.1.0rc1

1.1.0rc2

1.1.0

1.1.1rc0

1.1.1

1.2rc0

1.2rc1

1.2rc2

1.2rc3

1.2

1.3rc0

1.3rc1

1.3rc2

1.3rc3

1.3rc4

1.3

1.3.post0

1.3.post1

1.4rc0

1.4rc1

1.4rc2

1.4rc3

1.4rc5

1.4rc6

1.4

1.4.1rc0

1.4.1rc1

1.4.1rc2

1.4.1rc3

1.4.1rc4

1.4.1rc5

1.4.1

1.4.1.post0

1.4.1.post1

1.4.2rc0

1.5.0rc0

1.5.0rc1

1.5.0rc2

1.5.0rc3

1.5.0rc4

1.5.0rc5

1.5.0rc6

1.5.0rc7

1.5.0rc8

1.5.0rc9

1.5.0rc10

1.5.0rc11

1.5.0rc12

1.5.0