Advisories for Pypi/Label-Studio package

2024

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

On all Label Studio versions prior to 1.11.0, data imported via the file upload feature is not properly sanitized prior to being rendered within a Choices or Labels tag, resulting in an XSS vulnerability.

Details

Need permission to use the "data import" function. This was reproduced on Label Studio 1.10.1.

PoC

Create a project. Upload a file containing the payload using the "Upload Files" function. The following are the contents …

Cross-site Scripting Vulnerability on Data Import

The following code snippet in Label Studio shows that if a URL passed the SSRF verification checks, the contents of the file would be downloaded using the filename in the URL.

    def tasks_from_url(file_upload_ids, project, user, url, could_be_tasks_list):
        """Download file using URL and read tasks from it"""

Cross-site Scripting Vulnerability on Avatar Upload

The following code snippet in Label Studio shows that the only verification check is that the file is an image, by extracting the dimensions from the file.

    def hash_upload(instance, filename):
        filename = str(uuid.uuid4())[0:8] + '-' + filename
        return settings.AVATAR_PATH + '/' + filename  <3>

    def check_avatar(files):
        images = list(files.items())
        if not images:
            return None
        filename, avatar = list(files.items())[0]  # get first file
        w, h = get_image_dimensions(avatar)  <1>
        if not w …

2023

Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task

The following code snippet from the ViewSetSerializer in label_studio/data_manager/serializers.py insecurely creates Filter objects from a JSON POST request to the /api/dm/views/{viewId} API endpoint.

    @staticmethod
    def _create_filters(filter_group, filters_data):
        filter_index = 0
        for filter_data in filters_data:
            filter_data["index"] = filter_index
            filter_group.filters.add(Filter.objects.create(**filter_data))
            filter_index += 1

These Filter objects are then applied in the TaskQuerySet in label_studio/data_manager/managers.py.

    class TaskQuerySet(models.QuerySet):
        def prepared(self, prepare_params=None):
            """
            Apply filters, ordering and selected items to queryset
            :param prepare_params: prepare params …

2022

Heartex - Label Studio Community Edition vulnerable to SSRF in the Data Import module

A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling a remote attacker to create a new account and then exploit the SSRF. This issue is fixed in version 1.6.0.