Security
Headlines

Headlines Latest CVEs

Headline

GHSA-pc6f-259w-w3j6: Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module

A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling a remote attacker to create a new account and then exploit the SSRF. This issue is fixed in version 1.6.0.

2 years ago

#git #ssrf #auth

Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module

Moderate severity GitHub Reviewed Published Oct 4, 2022 • Updated Oct 4, 2022

Related news

Label Studio 1.5.0 Server-Side Request Forgery

Label Studio versions 1.5.0 and below suffer from a server-side request forgery vulnerability.

1 year ago

#sql #csrf #vulnerability #google #js #git #ssrf #auth #docker

CVE-2022-36551: Data Labeling Platform for Machine Learning — Heartex

A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling a remote attacker to create a new account and then exploit the SSRF.

2 years ago

#mac #ssrf #auth

ghsa: Latest News

GHSA-c7xm-rwqj-pgcj: LimeSurvey Cross Site Scripting vulnerability

12 hours ago

GHSA-74q2-6jp4-3rqq: Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name

12 hours ago

GHSA-632q-77qj-c89q: LimeSurvey Cross Site Scripting vulnerability

12 hours ago

GHSA-6hwr-6v2f-3m88: XXE in PHPSpreadsheet's XLSX reader

14 hours ago

GHSA-r8w8-74ww-j4wh: PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks

14 hours ago