Description:
A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. Label Studio versions before 1.16.0 specified SDK versions prior to 1.0.10 as dependencies, and the issue was confirmed in Label Studio version 1.13.2.dev0; therefore, Label Studio users should upgrade to 1.16.0 or newer to mitigate it. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a download function in the label-studio-sdk Python package which, when processing image references during task exports, derives a filename by stripping the `/data/upload/` prefix from the task's URL and URL-decoding the remainder, then joins it to the upload directory without normalising the result or checking that it still lies inside that directory. A reference such as `/data/upload/../../../etc/passwd` therefore resolves outside the upload directory and the file is copied into the export:
```python
import logging
import os
import shutil
import urllib.parse

logger = logging.getLogger(__name__)


def download(
    url,
    output_dir,
    filename=None,
    project_dir=None,
    return_relative_path=False,
    upload_dir=None,
    download_resources=True,
):
    is_local_file = url.startswith("/data/") and "?d=" in url
    is_uploaded_file = url.startswith("/data/upload")
    if is_uploaded_file:
        upload_dir = _get_upload_dir(project_dir, upload_dir)  # SDK helper, not shown here
        # The URL remainder is URL-decoded and joined to upload_dir with no
        # normalisation or containment check, so ".." segments (or a leading
        # "/", which makes os.path.join discard upload_dir) escape the directory.
        filename = urllib.parse.unquote(url.replace("/data/upload/", ""))
        filepath = os.path.join(upload_dir, filename)
        logger.debug(
            f"Copy {filepath} to {output_dir}".format(
                filepath=filepath, output_dir=output_dir
            )
        )
        if download_resources:
            shutil.copy(filepath, output_dir)
        if return_relative_path:
            return os.path.join(
                os.path.basename(output_dir), os.path.basename(...
                # (function body truncated in the source)
```
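The following is an added example written for this page, not code from the label-studio-sdk project or its fix. It mirrors the flawed prefix-strip/decode/join logic next to a hardened resolver that rejects anything escaping the upload directory, and exercises both with the traversal forms a reviewer would try (plain `..`, percent-encoded `..`, and a leading `/` that makes `os.path.join` discard the base). The upload directory path is an assumed value, not the project's default.

```python
import os
import urllib.parse


def vulnerable_resolve(url, upload_dir):
    """Mirror of the flawed logic: strip the prefix, URL-decode, join, no check."""
    filename = urllib.parse.unquote(url.replace("/data/upload/", ""))
    return os.path.join(upload_dir, filename)


def safe_resolve(url, upload_dir):
    """Resolve an uploaded-file URL to a path that is provably inside upload_dir.

    Raises ValueError for anything that would leave the directory.
    """
    prefix = "/data/upload/"
    if not url.startswith(prefix):
        raise ValueError("not an uploaded-file URL")
    filename = urllib.parse.unquote(url[len(prefix):])
    # os.path.join discards upload_dir when the second argument is absolute,
    # so an absolute filename must be rejected before joining.
    if os.path.isabs(filename):
        raise ValueError("absolute path in upload reference")
    base = os.path.realpath(upload_dir)
    candidate = os.path.realpath(os.path.join(base, filename))
    # Containment check on the *resolved* path: "..", "./../" and symlinks
    # under upload_dir are all normalised away before the comparison.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path traversal attempt in {url!r}")
    if candidate == base:
        raise ValueError("reference names the upload directory, not a file")
    return candidate


def is_safe_upload_url(url, upload_dir):
    """Boolean wrapper for request validation and tests."""
    try:
        safe_resolve(url, upload_dir)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    upload_dir = "/srv/label-studio/upload"  # assumed location for the demo
    for url in (
        "/data/upload/1/cat.png",
        "/data/upload/../../../etc/passwd",
        "/data/upload/%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd",
        "/data/upload//etc/passwd",
    ):
        print(f"{url:55} vulnerable -> {vulnerable_resolve(url, upload_dir)}")
        print(f"{'':55} safe       -> {is_safe_upload_url(url, upload_dir)}")
```

Note that the check is done after `realpath`, so a symlink planted inside the upload directory that points outside it is also caught; a check on the unresolved string (for example, rejecting `..` substrings) would miss that case and the double-slash case.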
February 14th, 2025 (5 months ago)
|
Description:
Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted label_config query parameter. By crafting a specially formatted XML label config with inline task data containing malicious HTML/JavaScript, an attacker can achieve Cross-Site Scripting (XSS). While the application has a Content Security Policy (CSP), it is only set in report-only mode, making it ineffective at preventing script execution.
The vulnerability exists because the upload-example endpoint renders user-provided HTML content without proper sanitization on a GET request. This allows attackers to inject and execute arbitrary JavaScript in victims' browsers by getting them to visit a maliciously crafted URL.
This is considered vulnerable because it enables attackers to execute JavaScript in victims' contexts, potentially allowing theft of sensitive data, session hijacking, or other malicious actions.
Steps to reproduce
Create a malicious label config that includes an XSS payload in embedded task data:
URL encode the payload and access the following URL:
http://app/projects/upload-example/?label_config=%3CView%3E%3C!--%20{%22data%22:%20{%22text%22:%20%22%3Cdiv%3E%3Cimg%20src=x%20onerror=eval(atob(`YWxlcnQoIlhTUyIp`))%3E%3C/div%3E%22}}%20--%3E%3CHyperText%20name=%22text%22%20value=%22$text%22/%3E%3C/View%3E
When executed, the payload causes the application to render an HTML page containing an img tag that fails to l...
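The following is an added triage helper written for this page, not Label Studio code. It takes the reproduction URL quoted above, pulls the task data out of the XML comment in `label_config`, flags the inline event handler, decodes the `atob()` argument so the real payload is readable, and then checks a set of constructed response headers to show why a `Content-Security-Policy-Report-Only` header does nothing to stop it. The `escape_task_strings` helper is one hardening option for a preview endpoint that renders inline task data; it is an assumption, not the project's actual fix, which this page does not describe.

```python
import base64
import html
import json
import re
import urllib.parse

# Reproduction URL quoted from the advisory above.
REPRO_URL = (
    "http://app/projects/upload-example/?label_config=%3CView%3E%3C!--%20{%22data%22:%20"
    "{%22text%22:%20%22%3Cdiv%3E%3Cimg%20src=x%20onerror=eval(atob(`YWxlcnQoIlhTUyIp`))"
    "%3E%3C/div%3E%22}}%20--%3E%3CHyperText%20name=%22text%22%20value=%22$text%22/%3E%3C/View%3E"
)

_INLINE_TASK = re.compile(r"<!--\s*(\{.*?\})\s*-->", re.DOTALL)
_ATOB = re.compile(r"atob\(\s*[`'\"]([A-Za-z0-9+/=]+)[`'\"]\s*\)")
_EVENT_HANDLER = re.compile(r"<[^>]*\son[a-z]+\s*=", re.IGNORECASE)


def label_config_from_url(url):
    """Return the percent-decoded label_config query parameter, or None."""
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    return params.get("label_config", [None])[0]


def inline_task_data(label_config):
    """Task data smuggled into the config as <!-- {"data": {...}} -->, or None."""
    match = _INLINE_TASK.search(label_config)
    if not match:
        return None
    return json.loads(match.group(1)).get("data")


def has_inline_event_handler(fragment):
    """Crude check: any tag carrying an on* attribute (onerror=, onload=, ...)."""
    return bool(_EVENT_HANDLER.search(fragment))


def decode_atob_arguments(fragment):
    """Recover the base64 strings passed to atob() so the payload reads in clear."""
    return [base64.b64decode(b).decode("utf-8", "replace") for b in _ATOB.findall(fragment)]


def escape_task_strings(data):
    """Assumed hardening: HTML-escape every string value before templating."""
    return {k: html.escape(v) if isinstance(v, str) else v for k, v in data.items()}


def csp_blocks_inline_script(headers):
    """True only if an *enforced* CSP restricts script execution.

    Content-Security-Policy-Report-Only reports violations but still lets the
    handler run, which is the gap the advisory describes. Nonces, hashes and
    'strict-dynamic' are deliberately not modelled here.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    policy = lowered.get("content-security-policy")
    if policy is None:
        return False
    directives = {}
    for directive in policy.split(";"):
        parts = directive.split()
        if parts:
            directives[parts[0].lower()] = [p.lower() for p in parts[1:]]
    sources = directives.get("script-src", directives.get("default-src"))
    if sources is None:
        return False
    return "'unsafe-inline'" not in sources


if __name__ == "__main__":
    data = inline_task_data(label_config_from_url(REPRO_URL))
    print("inline task data:", data)
    print("event handler present:", has_inline_event_handler(data["text"]))
    print("decoded payload:", decode_atob_arguments(data["text"]))
    print("escaped:", escape_task_strings(data))
    # Constructed headers, not captured from a real Label Studio instance.
    report_only = {"Content-Security-Policy-Report-Only": "default-src 'self'"}
    enforced = {"Content-Security-Policy": "default-src 'self'; script-src 'self'"}
    print("report-only stops it:", csp_blocks_inline_script(report_only))
    print("enforced stops it:", csp_blocks_inline_script(enforced))
```

Two things to check on a live instance: that the policy is sent in the enforcing header rather than the `-Report-Only` one, and that `script-src` does not include `'unsafe-inline'`, since that one value would let the `onerror` handler through even under an enforced policy.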
February 14th, 2025 (5 months ago)
|
Description:
Label Studio's S3 storage integration feature contains a Server-Side Request Forgery (SSRF) vulnerability in its endpoint configuration. When creating an S3 storage connection, the application allows users to specify a custom S3 endpoint URL via the s3_endpoint parameter. This endpoint URL is passed directly to the boto3 AWS SDK without proper validation or restrictions on the protocol or destination.
The vulnerability allows an attacker to make the application send HTTP requests to arbitrary internal services by specifying them as the S3 endpoint. When the storage sync operation is triggered, the application attempts to make S3 API calls to the specified endpoint, effectively making HTTP requests to the target service and returning the response in error messages.
This SSRF vulnerability enables attackers to bypass network segmentation and access internal services that should not be accessible from the external network. The vulnerability is particularly severe because error messages from failed requests contain the full response body, allowing data exfiltration from internal services.
Steps to reproduce
Create an account in Label Studio
Create a new project with basic configuration
Create an S3 storage connection with the following configuration:
```json
{
  "project": 1,
  "title": "Test Storage",
  "bucket": "",
  "s3_endpoint": "http://internal-web",
  "use_blob_urls": true,
  "aws_access_key_id": "test",
  "aws_secret_access_key": "test"
}
```
Trigger a storage sy...
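The following is an added example written for this page, not Label Studio's code or fix. It shows an allow-by-validation check for a user-supplied `s3_endpoint` value of the kind that should run before the value ever reaches `boto3.client("s3", endpoint_url=...)`: only `https` is accepted, embedded credentials are refused, and the host (a literal IP or a resolved name) must be a public address, so `http://internal-web`, the cloud metadata address and loopback are all rejected. The resolver is injected so the example runs offline; `FAKE_DNS` is a constructed lookup table and its addresses are made up.

```python
import ipaddress
import socket
import urllib.parse

ALLOWED_SCHEMES = {"https"}


def _default_resolver(hostname):
    """Every address the system resolver returns for hostname."""
    return {info[4][0] for info in socket.getaddrinfo(hostname, None)}


def is_public_address(ip_text):
    """False for RFC 1918, loopback, link-local (incl. 169.254.169.254), etc."""
    ip = ipaddress.ip_address(ip_text)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_s3_endpoint(endpoint, resolver=_default_resolver):
    """Return endpoint unchanged if it is safe to hand to the S3 client, else raise."""
    parsed = urllib.parse.urlsplit(endpoint)
    if parsed.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme {parsed.scheme!r} not allowed; use https")
    if not parsed.hostname:
        raise ValueError("endpoint has no host")
    if parsed.username or parsed.password:
        raise ValueError("credentials in the endpoint URL are not allowed")
    try:
        # Literal IPs (including bracketed IPv6) are checked directly ...
        addresses = {str(ipaddress.ip_address(parsed.hostname))}
    except ValueError:
        # ... names are resolved and *every* returned address must be public.
        try:
            addresses = set(resolver(parsed.hostname))
        except OSError as exc:
            raise ValueError(f"cannot resolve {parsed.hostname!r}: {exc}") from exc
    for addr in addresses:
        if not is_public_address(addr):
            raise ValueError(f"{parsed.hostname!r} resolves to non-public address {addr}")
    return endpoint


def safe_s3_endpoint(endpoint, resolver=_default_resolver):
    """Boolean wrapper for form validation and tests."""
    try:
        validate_s3_endpoint(endpoint, resolver)
        return True
    except ValueError:
        return False


# Constructed name table so the demo runs offline; the addresses are invented.
FAKE_DNS = {
    "internal-web": ["10.0.0.5"],
    "metadata": ["169.254.169.254"],
    "s3.us-east-1.amazonaws.com": ["52.216.0.1"],
}


def fake_resolver(hostname):
    if hostname not in FAKE_DNS:
        raise OSError(f"unresolvable host: {hostname}")
    return FAKE_DNS[hostname]


if __name__ == "__main__":
    for endpoint in (
        "http://internal-web",              # the advisory's payload: wrong scheme
        "https://internal-web",             # right scheme, private address
        "https://metadata",                 # cloud metadata service
        "https://169.254.169.254/latest/",  # same, as a literal IP
        "https://[::1]:9000",               # loopback IPv6
        "https://s3.us-east-1.amazonaws.com",
    ):
        print(f"{endpoint:40} allowed={safe_s3_endpoint(endpoint, fake_resolver)}")
    # Vulnerable pattern, shown only as a comment (boto3 not imported here):
    #   boto3.client("s3", endpoint_url=request_json["s3_endpoint"])
```

This check is done when the storage is saved, and the sync runs later, so a name that passes validation can be re-pointed at an internal address before the sync (DNS rebinding). For a real deployment, pair the check with egress controls on the worker that performs the sync, and make sure S3 client errors are not returned to the user verbatim, since the advisory notes the response body of the internal service comes back in the error message.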
February 14th, 2025 (5 months ago)
|
CVE-2023-20198 |
Description: A newly uncovered cyber espionage campaign led by the Chinese state-sponsored hacking group Salt Typhoon (Red Mike) has compromised vulnerable Cisco devices worldwide, targeting telecommunications providers across multiple countries, including the United States, the United Kingdom, and South Africa. The attack exploits two critical privilege escalation vulnerabilities, CVE-2023-20198 and CVE-2023-20273, found in Cisco IOS XE …
The post Chinese Hackers Breach Cisco Devices in Global Telecom Attacks appeared first on CyberInsider.
CVSS: CRITICAL (10.0)
February 14th, 2025 (5 months ago)
|
Description: DXPLOIT Defaced the Website of Aiuto-Hotel.it
February 14th, 2025 (5 months ago)
|
Description: 💡This post is part of Free Post Friday! If you're interested in subscribing to the platform please visit the subscriber page: https://darkwebinformer.com/status/#/portal/signup. If you would prefer to pay via cryptocurrency, please visit: https://darkwebinformer.com/crypto-payments. If you're interested in
February 14th, 2025 (5 months ago)
|
Description: A Threat Actor Claims to be Selling the Data of Mous
February 14th, 2025 (5 months ago)
|
Description: Banking fraud and financial crimes are growing more sophisticated every day. By understanding the threats and building strong collaborations, banks can protect themselves and their clients.
February 14th, 2025 (5 months ago)
|
Description: A Threat Actor is Claiming to Sell PlanB, A Multifunctional Software Tool for Managing PHP Shells and Backdoors
February 14th, 2025 (5 months ago)
|
Description: The China-sponsored state espionage group has exploited known, older bugs in Cisco gear for successful cyber intrusions on six continents in the past two months.
February 14th, 2025 (5 months ago)
|