Safety vulnerability ID: 76337
The information on this page was manually curated by our Cybersecurity Intelligence Team.
A path traversal vulnerability in Label Studio SDK versions before 1.0.10 allows unauthorized file access outside the intended directory structure. Label Studio versions before 1.16.0 specified SDK versions before 1.0.10 as dependencies, and the issue was confirmed in Label Studio version 1.13.2.dev0; Label Studio users should therefore upgrade to 1.16.0 or newer to mitigate it. The flaw exists in the VOC, COCO and YOLO export functionality. These exports invoke a download function in the label-studio-sdk Python package, which fails to validate file paths when processing image references during task exports.
Latest version: 1.0.11
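The kind of path validation the description says is missing, as an added example (not code from label-studio-sdk or Label Studio): each image reference is resolved against an allowed directory and rejected if it lands outside it. The function names, the single `media_root` directory and the sample references are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote, urlparse


class UnsafeImageReference(ValueError):
    """Raised when an image reference resolves outside the allowed root."""


def resolve_image_reference(ref: str, media_root: str) -> Path:
    """Map a task's image reference to a file under media_root, or raise.

    Hypothetical helper: name, signature and the single media_root are
    assumptions, not the SDK's API.
    """
    root = Path(media_root).resolve()
    # Decode percent-escapes first so "%2e%2e/" is checked as "../".
    rel = unquote(urlparse(ref).path)
    if "\x00" in rel:
        raise UnsafeImageReference(f"NUL byte in reference: {ref!r}")
    # Treat the reference as relative to the root even if it starts with "/".
    candidate = (root / rel.lstrip("/\\")).resolve()
    # resolve() collapses ".." and follows symlinks, so the containment test
    # runs on the real location an export would read from.
    if candidate != root and root not in candidate.parents:
        raise UnsafeImageReference(f"escapes {root}: {ref!r}")
    return candidate


def audit_references(refs, media_root):
    """Return {ref: resolved Path, or None if unsafe} so an export can skip it."""
    results = {}
    for ref in refs:
        try:
            results[ref] = resolve_image_reference(ref, media_root)
        except UnsafeImageReference:
            results[ref] = None
    return results


if __name__ == "__main__":
    # Constructed sample references, checked against a throwaway directory.
    samples = [
        "/upload/1/cat.jpg",                  # stays inside the root
        "upload/1/../1/cat.jpg",              # ".." that still stays inside
        "/upload/../../outside.txt",          # climbs out of the root
        "/upload/%2e%2e/%2e%2e/outside.txt",  # same, percent-encoded
    ]
    for ref, path in audit_references(samples, tempfile.mkdtemp()).items():
        print(f"{ref!r:45} -> {path or 'REJECTED'}")
```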