CVE-2026-22033
- EPSS 0.01%
- Published 12.01.2026 17:47:34
- Last modified 27.01.2026 20:39:07
Label Studio is a multi-type data labeling and annotation tool. In 1.22.0 and earlier, a persistent stored cross-site scripting (XSS) vulnerability exists in the custom_hotkeys functionality of the application. An authenticated attacker (or one who c...
CVE-2025-47783
- EPSS 0.07%
- Published 14.05.2025 23:15:48
- Last modified 22.08.2025 20:24:03
Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized ...
CVE-2025-25296
- EPSS 4.4%
- Published 14.02.2025 20:15:36
- Last modified 25.08.2025 01:15:44
Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's `/projects/upload-example` endpoint allows injection of arbitrary HTML through a `GET` request with an appropriately crafted `label_config` query parameter. By...
CVE-2025-25297
- EPSS 0.16%
- Published 14.02.2025 20:15:36
- Last modified 25.08.2025 01:17:33
Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's S3 storage integration feature contains a Server-Side Request Forgery (SSRF) vulnerability in its endpoint configuration. When creating an S3 storage connectio...
CVE-2025-25295
- EPSS 0.07%
- Published 14.02.2025 17:15:20
- Last modified 14.02.2025 17:15:20
Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export ...
CVE-2024-26152
- EPSS 1.34%
- Published 22.02.2024 22:15:47
- Last modified 16.05.2025 14:18:25
Summary: On all Label Studio versions prior to 1.11.0, data imported via the file upload feature is not properly sanitized prior to being rendered within a [`Choices`](https://labelstud.io/tags/choices) or [`Labels`](https://labelstud.io/tags/labels) ...
CVE-2023-47116
- EPSS 0.27%
- Published 31.01.2024 17:15:13
- Last modified 21.11.2024 08:29:48
Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the `SSRF_PROTECTION_ENAB...
CVE-2024-23633
- EPSS 0.15%
- Published 24.01.2024 00:15:08
- Last modified 21.11.2024 08:58:02
Label Studio, an open source data labeling tool, had a remote import feature that allowed users to import data from a remote web source, which was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could have been abused to ...
CVE-2023-47115
- EPSS 1.78%
- Published 23.01.2024 23:15:08
- Last modified 21.11.2024 08:29:48
Label Studio is a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered a...
CVE-2023-47117
- EPSS 65.77%
- Published 13.11.2023 21:15:08
- Last modified 21.11.2024 08:29:48
Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based...