Computer Vision Annotation Tool
CVE-2022-31188
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade. There are no known workarounds for this issue.
AnalysisAI
CVAT is an opensource interactive video and image annotation tool for computer vision. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade. There are no known workarounds for this issue. Affected products include: Cvat Computer Vision Annotation Tool. Version information: prior to 2.0.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.
CVAT is an open source interactive video and image annotation tool for computer vision. [CVSS 8.8 HIGH]
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated high
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated high
CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 ha
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medi
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medi
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medi
CVAT is an open source interactive video and image annotation tool for computer vision. [CVSS 5.4 MEDIUM]
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medi
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medi
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated high
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today