CVE-2024-10141

Name of the Vulnerable Software and Affected Versions jsbroks COCO Annotator version 0.11.1

Description A problematic vulnerability was found in the Session Handler component of jsbroks COCO Annotator. The manipulation of the SECRET KEY argument leads to a predictable state from an observable state. This issue can be exploited remotely, with a rather high complexity of attack and difficult exploitability. The exploit has been disclosed to the public and may be used.

Recommendations For jsbroks COCO Annotator version 0.11.1, as a temporary workaround, consider restricting access to the Session Handler component until a patch is available. Avoid using the SECRET KEY argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.