CNNVD-202506-3161 Information

CNNVD ID

CNNVD-202506-3161

Related CVE

CVE-2025-49135

• CNNVD Published: 2025-06-25

Description (Chinese)

CVAT.ai CVAT是CVAT.ai开源的一个数据处理工具。 CVAT.ai CVAT 2.2.0至2.39.0版本存在安全漏洞，该漏洞源于导入过程中缺少验证，可能导致数据泄露。

Description (English)

CVAT.ai CVAT is an open source data-processing tool for CVAT.ai. CVAT.ai CVAT versions 2.2.0 to 2.39.0 contain a security loophole, which stems from a lack of validation during the import process and may lead to data leakage.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

cvc5

Published

2025-06-25

Last Modified

2026-02-24

References

https://github.com/cvat-ai/cvat/commit/dbafd9c0287489bea00e1db626f64b107f90bfc9 https://github.com/cvat-ai/cvat/security/advisories/GHSA-frpr-5w6q-hh4f https://nvd.nist.gov/vuln/detail/CVE-2025-49135

Patch

https://github.com/cvat-ai/cvat/releases