Vulnerability Description
Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the `SSRF_PROTECTION_ENABLED` environment variable can be bypassed to access internal web servers. This is because the current SSRF validation is done by executing a single DNS lookup to verify that the IP address is not in an excluded subnet range. This protection can be bypassed by either using HTTP redirection or performing a DNS rebinding attack.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Humansignal | Label Studio | < 1.11.0 |
Related Weaknesses (CWE)
References
- https://github.com/HumanSignal/label-studio/commit/55dd6af4716b92f2bb213fe461d1fPatch
- https://github.com/HumanSignal/label-studio/releases/tag/1.11.0Release Notes
- https://github.com/HumanSignal/label-studio/security/advisories/GHSA-p59w-9gqw-wExploitThird Party Advisory
- https://github.com/HumanSignal/label-studio/commit/55dd6af4716b92f2bb213fe461d1fPatch
- https://github.com/HumanSignal/label-studio/releases/tag/1.11.0Release Notes
- https://github.com/HumanSignal/label-studio/security/advisories/GHSA-p59w-9gqw-wExploitThird Party Advisory
FAQ
What is CVE-2023-47116?
CVE-2023-47116 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that c...
How severe is CVE-2023-47116?
CVE-2023-47116 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-47116?
Check the references section above for vendor advisories and patch information. Affected products include: Humansignal Label Studio.