Unrated severityNVD Advisory· Published Aug 1, 2022· Updated Apr 22, 2025

Server-Side Request Forgery Vulnerability in Computer Vision Annotation Tool (CVAT)

CVE-2022-31188

Description

CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade. There are no known workarounds for this issue.

Affected products

Cvat Ai/Cvatv5
Range: < 2.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/169814/CVAT-2.0-Server-Side-Request-Forgery.htmlmitre
github.com/cvat-ai/cvat/commit/6fad1764efd922d99dbcda28c4ee72d071aa5a07mitre
github.com/cvat-ai/cvat/security/advisories/GHSA-7vpj-j5xv-29prmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.029
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000