References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Change History

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains information about the event that caused the delivery, typically including full details about the object on which an action was performed (such as the task for an "update:task" event), and the user who perf

GitHub, Inc. AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

GitHub, Inc. CWE-862

GitHub, Inc. https://github.com/cvat-ai/cvat/commit/0fafb797fdf022fb83ce81c6405ba19b583a236f [No types assigned]

GitHub, Inc. https://github.com/cvat-ai/cvat/security/advisories/GHSA-p3c9-m7jr-jxxj [No types assigned]