A vulnerability classified as critical has been found in CVAT up to 1.x. Affected is an unknown function. The manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2022-31188. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Read More