AVID-2026-R1510
Description
Vulnerability CVE-2024-40441
Details
An issue in Doccano (an open-source annotation tool for machine learning practitioners) v1.8.4 and in the Doccano Auto Labeling Pipeline (a module for annotating documents automatically) v0.1.23 allows a remote attacker to escalate privileges via the model_attribs parameter.
Reason for inclusion in AVID: CVE-2024-40441 describes a remote privilege escalation in Doccano (a data labeling/annotation tool) version 1.8.4 and in its Auto Labeling Pipeline module version 0.1.23. Doccano is commonly used in ML data preparation and annotation pipelines, i.e., it is part of the AI model training/serving stack. This is a software vulnerability in a component used in AI workflows and therefore a potential supply-chain risk to general-purpose AI systems. The report provides explicit CVE details, affected versions, impact (privilege escalation), and references (NVD and project release pages), which is sufficient signal for curation.
References
- NVD entry
- https://github.com/doccano/doccano/releases/tag/v1.8.4
- https://github.com/doccano/auto-labeling-pipeline/releases/tag/v0.1.23
- https://github.com/gian2dchris/CVEs/tree/main/CVE-2024-40441
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | n/a |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2024-09-23
- Version: 0.3.3
- AVID Entry