CVE-2024-26152 Information

Description

Summary

In all Label Studio versions prior to 1.11.0, data imported via the file upload feature is not properly sanitized before being rendered within a Choices or Labels tag, resulting in an XSS vulnerability.

Details

Permission to use the "data import" function is required. This was reproduced on Label Studio 1.10.1.

PoC

  1. Create a project.

  2. Upload a file containing the payload using the "Upload Files" function.

The following are the contents of the files used in the PoC


  \data\
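
A pre-import check that flags task data values containing HTML markup before a file reaches the "Upload Files" function. This is an added example, not code from the advisory or from the Label Studio project. It assumes the import file is JSON holding either a list of tasks or a single task, each shaped as `{"data": {...}}` or as the bare data object; `find_markup` and `SAMPLE_IMPORT` are hypothetical names, and the sample tasks are constructed.

```python
import json
import re

# "<" followed by a letter, "/", "!" or "?" is what an HTML tokenizer treats as
# the start of a tag, end tag, declaration or comment. "5 < 6" does not match.
MARKUP = re.compile(r"<[A-Za-z/!?]")


def iter_strings(value, path):
    """Yield (path, string) for every string nested inside a JSON value."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for key, item in value.items():
            yield from iter_strings(item, f"{path}.{key}")
    elif isinstance(value, list):
        for index, item in enumerate(value):
            yield from iter_strings(item, f"{path}[{index}]")


def find_markup(import_text):
    """Return [(task_index, path, value)] for task data strings holding markup."""
    tasks = json.loads(import_text)
    if isinstance(tasks, dict):  # a single task instead of a list
        tasks = [tasks]
    findings = []
    for index, task in enumerate(tasks):
        # Assumption: a task is either {"data": {...}} or the bare data object.
        data = task.get("data", task) if isinstance(task, dict) else task
        for path, text in iter_strings(data, "data"):
            if MARKUP.search(text):
                findings.append((index, path, text))
    return findings


# Constructed sample import file: task 1 carries markup in a value that a
# Choices or Labels tag could render; tasks 0 and 2 are plain text.
SAMPLE_IMPORT = json.dumps([
    {"data": {"text": "plain review", "options": [{"value": "Positive"}]}},
    {"data": {"text": "ok", "options": [{"value": "<em>constructed markup</em>"}]}},
    {"text": "5 < 6 and a & b"},
])

if __name__ == "__main__":
    for task_index, path, value in find_markup(SAMPLE_IMPORT):
        print(f"task {task_index}: {path} contains markup: {value!r}")
```

The check is a triage heuristic for files headed to an instance older than 1.11.0 and for reviewing data that was already imported. It does not replace upgrading past the affected versions.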
## Reference
[***https://github.com/HumanSignal/label-studio/security/advisories/GHSA-6xv9-957j-qfhg***](https://github.com/HumanSignal/label-studio/security/advisories/GHSA-6xv9-957j-qfhg)
[***https://github.com/HumanSignal/label-studio/pull/5232***](https://github.com/HumanSignal/label-studio/pull/5232)
[***https://github.com/HumanSignal/label-studio/commit/5df9ae3828b98652e9fa290a19f4deedf51ef6c8***](https://github.com/HumanSignal/label-studio/commit/5df9ae3828b98652e9fa290a19f4deedf51ef6c8)
[***https://github.com/HumanSignal/label-studio/releases/tag/1.11.0***](https://github.com/HumanSignal/label-studio/releases/tag/1.11.0)