CVE-2023-47116
Published 2024-01-31
CVE-2023-47116: Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version…
Priority: P4 · 29 · medium · 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.74% (49.9th percentile)
Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the `SSRF_PROTECTION_ENABLED` environment variable can be bypassed to access internal web servers. This is because the current SSRF validation is done by executing a single DNS lookup to verify that the IP address is not in an excluded subnet range. This protection can be bypassed by either using HTTP redirection or performing a DNS rebinding attack.
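The weakness described above (one DNS lookup checked before the request, nothing checked afterwards) can be contrasted with a fetch loop that validates every hop and connects only to the address it validated. This is an added sketch, not Label Studio's code and not the change shipped in 1.11.0; `pin_address`, `fetch_checked`, the injected `resolve`/`send` callables and all hostnames and addresses are constructed for illustration.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

class BlockedURL(Exception):
    pass

def pin_address(host, resolve):
    """Resolve once, reject if ANY answer is non-public, return the IP to connect to."""
    addrs = resolve(host)
    if not addrs or not all(ipaddress.ip_address(a).is_global for a in addrs):
        raise BlockedURL(f"{host} -> {addrs}")
    return addrs[0]

def fetch_checked(url, resolve, send, max_hops=5):
    """Validate every hop; `send(url, ip)` must connect to `ip`, never re-resolve."""
    for _ in range(max_hops):
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise BlockedURL(url)
        ip = pin_address(parts.hostname, resolve)
        status, location = send(url, ip)
        if status in (301, 302, 303, 307, 308) and location:
            url = urljoin(url, location)   # the loop re-validates the redirect target
            continue
        return status, url, ip
    raise BlockedURL("too many redirects")

# --- constructed stand-ins for DNS and HTTP (hypothetical hosts, no network) ---
def demo():
    lookups = []
    def resolve(host):
        lookups.append(host)
        if host == "rebind.example":       # public on the 1st query, loopback afterwards
            return ["93.184.216.34"] if lookups.count(host) == 1 else ["127.0.0.1"]
        return {"redir.example": ["93.184.216.34"]}.get(host, [host])
    connected = []
    def send(url, ip):
        connected.append(ip)
        if "redir.example" in url:         # public host answering with a redirect inward
            return 302, "http://10.0.0.5/internal"
        return 200, None
    ok = fetch_checked("http://rebind.example/data.json", resolve, send)
    try:
        fetch_checked("http://redir.example/data.json", resolve, send)
        redirect_blocked = False
    except BlockedURL:
        redirect_blocked = True
    return ok, redirect_blocked, connected, lookups

if __name__ == "__main__":
    print(demo())
```

In a real client, `send` has to open the socket to the pinned IP while still sending the original `Host` header (and SNI for HTTPS), with the HTTP library's automatic redirect following turned off.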
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| humansignal | label-studio | < 1.11.0 | 1.11.0 |
| humansignal | label-studio | >= 0 < 1.11.0 | 1.11.0 |
| humansignal | label-studio | >= 0 < 55dd6af4716b92f2bb213fe461d1ffbc380c6a64 | 55dd6af4716b92f2bb213fe461d1ffbc380c6a64 |
| humansignal | label_studio | < 1.11.0 | 1.11.0 |
GHSA
Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections
ghsa·2024-01-31
CVE-2023-47116 [MEDIUM] CWE-918 Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections
Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections
# Introduction
This write-up describes a vulnerability found in [Label Studio](https://github.com/HumanSignal/label-studio), a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to [`1.11.0`](https://github.com/HumanSignal/label-studio/releases/tag/1.11.0) and was tested on version `1.8.2`.
# Overview
Label Studio's SSRF protections that can be enabled by setting the `SSRF_PROTECTION_ENABLED` environment variable can be bypassed to access internal web servers. This is because the current SSRF validation is done by executing a single DNS lookup to verify that the IP address is not in an excluded subnet range. This protection can be bypassed by either using HTTP r
OSV
Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections
osv·2024-01-31
CVE-2023-47116 [MEDIUM] Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections
OSV
CVE-2023-47116: Label Studio is a popular open source data labeling tool
osv·2024-01-31
CVE-2023-47116: Label Studio is a popular open source data labeling tool
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/HumanSignal/label-studio/commit/55dd6af4716b92f2bb213fe461d1ffbc380c6a64
https://github.com/HumanSignal/label-studio/releases/tag/1.11.0
https://github.com/HumanSignal/label-studio/security/advisories/GHSA-p59w-9gqw-wj8r
2024-01-31
Published