Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-47064


Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue.


Published

2024-09-30T15:15:06.413

Last Modified

2024-10-30T18:23:17.020

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-79
    CWE-81

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application cvat computer_vision_annotation_tool < 2.19.0 Yes

References