CVE-2022-31188

Name of the Vulnerable Software and Affected Versions CVAT versions prior to 2.0.0

Description The issue is related to insufficient validation of incoming requests, which can allow a remote attacker to perform a Server-side request forgery (SSRF) attack. Validation has been added to URLs used in the affected code path in version 2.0.0.

Recommendations For versions prior to 2.0.0, upgrade to version 2.0.0 or later to resolve the issue. As a temporary workaround, consider adding validation to URLs used in the affected code path to minimize the risk of exploitation. There are no known workarounds for this issue other than upgrading to a fixed version.