Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CVAT: Mounted share file overwrite via crafted request
Vulnerability Description
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.4.0 through 2.48.1, a malicious CVAT user with at least the User global role may create files in the root of the mounted file share, or overwrite existing files. If no file share is mounted, the user will be able to create files in the share directory of the import worker container, potentially filling up disk space. This issue is fixed in version 2.49.0.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
CVAT.ai CVAT 路径遍历漏洞
Vulnerability Description
CVAT.ai CVAT是CVAT.ai开源的一个数据处理工具。 CVAT.ai CVAT 2.4.0版本至2.48.1版本存在路径遍历漏洞,该漏洞源于恶意用户可在挂载文件共享的根目录中创建或覆盖文件,可能导致磁盘空间耗尽。
CVSS Information
N/A
Vulnerability Type
N/A