Doccano · Doccano · CVE-2024-40441
**Name of the Vulnerable Software and Affected Versions**
Doccano (open source annotation tool for machine learning practitioners), version 1.8.4
Doccano Auto Labeling Pipeline (module for annotating documents automatically), version 0.1.23
**Description**
The issue allows a remote attacker to escalate privileges via the `model attribs` parameter. It can be exploited through argument manipulation and is exploitable remotely.
**Recommendations**
For Doccano version 1.8.4, urgently upgrade the affected component to mitigate the risk.
For Doccano Auto Labeling Pipeline version 0.1.23, urgently upgrade the affected component to mitigate the risk.
As a temporary workaround until a patch is available, consider restricting access to the `model attribs` parameter.