# Introduction

This write-up describes a vulnerability found in Label Studio, a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2.

# Overview

Label Studio's SSRF protections, which can be enabled by setting the `SSRF_PROTECTION_ENABLED` environment variable, can be bypassed to access internal web servers. This is because the current SSRF validation performs a single DNS lookup to verify that the IP address is not in an excluded subnet range. The request that follows is sent by `requests.get`, which resolves the host name again and follows redirects by default, and neither step is re-validated. This protection can therefore be bypassed either by using HTTP redirection or by performing a DNS rebinding attack.

# Description

The following `tasks_from_url` method in `label_studio/data_import/uploader.py` performs the SSRF validation (`validate_upload_url`) before sending the request.

```python
def tasks_from_url(file_upload_ids, project, user, url, could_be_tasks_list):
    """Download file using URL and read tasks from it"""
    # process URL with tasks
    try:
        filename = url.rsplit('/', 1)[-1]

        validate_upload_url(url, block_local_urls=settings.SSRF_PROTECTION_ENABLED)
        # Reason for #nosec: url has been validated as SSRF safe by the
        # validation check above.
        response = requests.get(
            url, verify=False, headers={'Accept-Encoding': None}
        )  # nosec
        file_content = response.content
        check_tasks_max_file_size(int(response.headers['content-length']))
        file_upload = create_file_upload(
            user, project,…
```
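
One way to close both bypasses named in the Overview, shown as an added example that is not Label Studio's code or its actual fix: resolve once, reject non-public answers, hand the validated IP to the transport, and re-check every redirect hop. `safe_fetch`, the `send` transport, `FlippingDNS` and the host names are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

class BlockedURL(Exception):
    """Raised when any hop of a fetch points at a non-public address."""

def resolve_public(host, resolver=socket.getaddrinfo):
    """Resolve once; return an IP only if every answer is globally routable."""
    addrs = [ipaddress.ip_address(info[4][0]) for info in resolver(host, None)]
    if not addrs or not all(a.is_global for a in addrs):
        raise BlockedURL(f"{host} resolves to a non-public address")
    return str(addrs[0])

def safe_fetch(url, send, resolver=socket.getaddrinfo, max_hops=5):
    # send(ip, url) -> (status, headers, body): hypothetical transport that connects
    # to `ip` (Host/SNI taken from url) and never follows redirects itself.
    for _ in range(max_hops):
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise BlockedURL(f"unsupported URL: {url}")
        ip = resolve_public(parts.hostname, resolver)  # the only lookup for this hop
        status, headers, body = send(ip, url)  # transport reuses ip, no re-resolve
        if status not in (301, 302, 303, 307, 308):
            return body
        url = urljoin(url, headers["Location"])  # validated on the next pass
    raise BlockedURL("too many redirects")

# Constructed fixtures: host names, addresses and responses are made up.
class FlippingDNS:
    """Fake resolver: the first answer is public, every later answer is loopback."""
    def __init__(self):
        self.calls = 0
    def __call__(self, host, port):
        self.calls += 1
        ip = "93.184.216.34" if self.calls == 1 else "127.0.0.1"
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (ip, 0))]

def redirecting_send(ip, url):  # fake transport: first URL redirects to loopback
    if urlsplit(url).hostname == "files.example":
        return 302, {"Location": "http://127.0.0.1/"}, b""
    return 200, {}, b"internal page"

def is_blocked(url, send, resolver):
    try:
        safe_fetch(url, send, resolver)
    except BlockedURL:
        return True
    return False
```

With `requests`, the `send` role would need a transport adapter that connects to the pinned IP while keeping the original host name for the `Host` header and TLS verification, called with `allow_redirects=False`.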