0.7.4

DATE	CVE	VULNERABILITY TITLE	RISK
2024-02-22	CVE-2024-26152	Cross-site Scripting vulnerability in Humansignal Label Studio ### Summary On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a [`Choices`](https://labelstud.io/tags/choices) or [`Labels`](https://labelstud.io/tags/labels) tag, resulting in an XSS vulnerability. ### Details Need permission to use the "data import" function. network low complexity humansignal CWE-79	6.1
2024-01-31	CVE-2023-47116	Server-Side Request Forgery (SSRF) vulnerability in Humansignal Label Studio Label Studio is a popular open source data labeling tool. network low complexity humansignal CWE-918	5.3
2024-01-24	CVE-2024-23633	Cross-site Scripting vulnerability in Humansignal Label Studio Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. network low complexity humansignal CWE-79	6.1
2024-01-23	CVE-2023-47115	Cross-site Scripting vulnerability in Humansignal Label Studio Label Studio is an a popular open source data labeling tool. network low complexity humansignal CWE-79	5.4
2023-11-13	CVE-2023-47117	Unspecified vulnerability in Humansignal Label Studio Label Studio is an open source data labeling tool. network low complexity humansignal	7.5
2023-11-09	CVE-2023-43791	Unspecified vulnerability in Humansignal Label Studio Label Studio is a multi-type data labeling and annotation tool with standardized output format. network low complexity humansignal	8.8