CNNVD-202601-1827 Information
CNNVD ID
CNNVD-202601-1827
Related CVE
- CNNVD Published: 2026-01-12
Description (Chinese)
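Label Studio is an open-source data labeling tool open-sourced by Heartex. It lets you label data types such as audio, text, images, video and time series through a simple, straightforward UI and export them to various model formats. Label Studio 1.22.0 and earlier versions contain an access control error vulnerability. The vulnerability stems from stored cross-site scripting in the custom_hotkeys feature, which may allow an authenticated attacker to inject JavaScript code and thereby achieve account takeover and unauthorized API access.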
Description (English)
Label Studio is an open-source data labeling tool from Heartex. It lets you label data types such as audio, text, images, video and time series through a simple, clear UI and export them to various model formats. Label Studio 1.22.0 and earlier versions have an access control error vulnerability that stems from stored cross-site scripting in the custom_hotkeys feature, which could allow an authenticated attacker to inject JavaScript code, enabling account takeover and unauthorized API access.
Hazard Level
Medium
Vulnerability Type
Access control error
Affected Vendor
Heartex
Published
2026-01-12
Last Modified
2026-02-24
References
https://github.com/HumanSignal/label-studio/commit/ea2462bf042bbf370b79445d02a205fbe547b505
https://github.com/HumanSignal/label-studio/pull/9084
https://github.com/HumanSignal/label-studio/security/advisories/GHSA-2mq9-hm29-8qch
Patch
https://github.com/HumanSignal/label-studio/releases