Computer Vision Annotation Tool (CVAT)

CPE Details

Computer Vision Annotation Tool (CVAT)
cvat
computer_vision_annotation_tool
-
2024-10-31
11h17 +00:00
2024-10-31
11h17 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:cvat:computer_vision_annotation_tool:-:*:*:*:*:*:*:*

Informations

Vendor

cvat

Product

computer_vision_annotation_tool

Version

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-47172 2024-09-30 15h00 +00:00 Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task, job or membership resource on the CVAT instance. The information exposed in this way is the same as the information returned on a GET request to the resource. In addition, the attacker can also alter the default source and target storage associated with any project or task. Upgrade to CVAT 2.19.1 or any later version to fix the issue.
5.4
Medium
CVE-2021-45046 2021-12-14 16h55 +00:00 It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
9
Critical