CVE-2023-47116: Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections
The following `tasks_from_url` method in `label_studio/data_import/uploader.py` performs the SSRF validation (`validate_upload_url`) before sending the request, i.e. the URL check and the actual fetch are two separate steps.
```python
def tasks_from_url(file_upload_ids, project, user, url, could_be_tasks_list):
    """Download file using URL and read tasks from it"""
    # The remainder of the function body is not reproduced on this page.
```
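Why a check that runs before the request is not enough on its own, and what a pinned fetch looks like, as an added illustration that is not Label Studio's code. The resolver is injected so the example runs offline; `RebindingResolver` is a constructed stand-in for a hostname whose DNS answer changes between lookups (the DNS rebinding case listed in the references), and the IP addresses are sample values. `pinned_fetch_target` is a hypothetical helper name: it resolves once, rejects the URL if any answer is loopback, private, link-local or otherwise non-routable, and returns the exact address the HTTP client must connect to (sending the original hostname as `Host`/SNI) so that no second lookup happens between check and use.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def is_forbidden_ip(ip_str):
    """True for addresses an import fetcher should never reach."""
    ip = ipaddress.ip_address(ip_str)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def resolve_host(hostname):
    """Default resolver: every A/AAAA answer for hostname (used outside tests)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})


def check_then_fetch(url, resolver=resolve_host):
    """
    Models the check-before-request pattern: validation resolves the hostname
    once, and the HTTP client later resolves it again on its own.
    Returns (passed_validation, address_the_client_actually_used).
    """
    host = urlsplit(url).hostname
    check_ips = resolver(host)                      # time of check
    if any(is_forbidden_ip(ip) for ip in check_ips):
        return False, None
    use_ips = resolver(host)                        # time of use: independent lookup
    return True, use_ips[0]


def pinned_fetch_target(url, resolver=resolve_host):
    """
    Hardened variant: resolve once, validate every answer, and hand back the
    (ip, hostname) pair the client must connect to without re-resolving.
    Raises ValueError when the URL must not be fetched.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("only http(s) URLs with a hostname are accepted")
    ips = resolver(parts.hostname)
    for ip in ips:
        if is_forbidden_ip(ip):
            raise ValueError(f"{parts.hostname} resolves to forbidden address {ip}")
    return ips[0], parts.hostname


class RebindingResolver:
    """Constructed resolver: first answer is public, every later answer is loopback."""

    def __init__(self):
        self.calls = 0

    def __call__(self, hostname):
        self.calls += 1
        return ["93.184.216.34"] if self.calls == 1 else ["127.0.0.1"]


if __name__ == "__main__":
    url = "http://rebind.example/tasks.json"   # constructed sample URL
    print("check-then-fetch used:", check_then_fetch(url, RebindingResolver()))
    print("pinned target:", pinned_fetch_target(url, RebindingResolver()))
```

With the rebinding resolver, `check_then_fetch` reports the URL as valid and then connects to 127.0.0.1, while `pinned_fetch_target` performs a single lookup and returns the validated address for the client to use. Redirect targets need the same treatment on every hop, since each redirect is a new URL and a new lookup.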
References
- en.wikipedia.org/wiki/DNS_rebinding
- github.com/HumanSignal/label-studio
- github.com/HumanSignal/label-studio/blob/1.8.2/label_studio/core/utils/io.py
- github.com/HumanSignal/label-studio/blob/1.8.2/label_studio/data_import/uploader.py
- github.com/HumanSignal/label-studio/commit/55dd6af4716b92f2bb213fe461d1ffbc380c6a64
- github.com/HumanSignal/label-studio/releases/tag/1.11.0
- github.com/HumanSignal/label-studio/security/advisories/GHSA-p59w-9gqw-wj8r
- github.com/advisories/GHSA-p59w-9gqw-wj8r
- github.com/pypa/advisory-database/tree/main/vulns/label-studio/PYSEC-2024-127.yaml
- nvd.nist.gov/vuln/detail/CVE-2023-47116