CVE-2025-5173

Опубликовано: 26 мая 2025

Источник: nvd

CVSS3: 5.3

CVSS3: 7.8

CVSS2: 4.3

EPSS Низкий

Описание

A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/label_studio_ml/examples/yolo/utils/neural_nets.py of the component PT File Handler. The manipulation of the argument path leads to deserialization. An attack has to be approached locally. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

Ссылки

https://github.com/HumanSignal/label-studio-ml-backend/issues/765
Issue Tracking
Vendor Advisory
https://vuldb.com/?ctiid.310261
Permissions Required
VDB Entry
https://vuldb.com/?id.310261
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.578126
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:humansignal:label_studio_ml_backend:*:*:*:*:*:*:*:*

Версия до 2024-09-30 (включая)

EPSS

Процентиль: 11%

0.00037

Низкий

5.3 Medium

CVSS3

7.8 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20

CWE-502

Связанные уязвимости

GHSA-55g9-6c2x-gf8q

CVSS3: 5.3

github

9 месяцев назад

HumanSignal label-studio-ml-backend Deserialization of Untrusted Data vulnerability

EPSS

Процентиль: 11%

0.00037

Низкий

5.3 Medium

CVSS3

7.8 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20

CWE-502