CVE-2022-36551

Laravel Tech Community

Oct 11, 2022 · Information Security

Label Studio <1.6.0 SSRF Vulnerability (CVE‑2022‑36551)

Label Studio versions prior to 1.6.0 contain an SSRF flaw that allows authenticated users to access arbitrary files on the server via the data import module, with self‑registration enabled by default, and a proof‑of‑concept exploit is publicly available.