A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling a remote attacker to create a new account and then exploit the SSRF.
Metrics
Affected Vendors & Products
References
History
No history.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-07-05T00:16:08.775Z
Reserved: 2022-07-25T00:00:00.000Z
Link: CVE-2022-36551
No data.
Status : Modified
Published: 2022-10-03T12:15:09.627
Modified: 2026-06-17T04:53:39.097
Link: CVE-2022-36551
No data.
OpenCVE Enrichment
No data.