Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CVAT allows remote code execution via tracker Nuclio functions
Vulnerability Description
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with an account on an affected CVAT instance is able to run arbitrary code in the context of the Nuclio function container. This vulnerability affects CVAT deployments that run any of the serverless functions of type tracker from the CVAT Git repository, namely TransT and SiamMask. Deployments with custom functions of type tracker may also be affected, depending on how they handle state serialization. If a function uses an unsafe serialization library such as pickle or jsonpickle, it's likely to be vulnerable. Upgrade to CVAT 2.26.0 or later. If you are unable to upgrade, shut down any instances of the TransT or SiamMask functions you're running.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Computer Vision Annotation Tool 代码问题漏洞
Vulnerability Description
Computer Vision Annotation Tool(CVAT)是cvat.ai开源的一种用于计算机视觉的交互式视频和图像注释工具。 Computer Vision Annotation Tool存在代码问题漏洞,该漏洞源于运行特定类型的服务器less函数时,可能允许攻击者在Nuclio函数容器上下文中运行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A