AVID-2026-R1511
Description
Vulnerability CVE-2024-40442
Details
An issue in Doccano (open source annotation tools for machine learning practitioners) v.1.8.4 and the Doccano Auto Labeling Pipeline (module to annotate a document automatically) v.0.1.23 allows a remote attacker to escalate privileges via a crafted REST request.
Reason for inclusion in AVID: CVE-2024-40442 describes a remote privilege escalation vulnerability in Doccano data labeling tools, which are used in AI data preparation pipelines. This is a software vulnerability in AI tooling that participates in the GP AI supply chain (data labeling, labeling pipelines). The issue is security-related (privilege escalation) and the report provides CVE details and release references, offering sufficient evidence for curation.
References
- NVD entry
- https://github.com/doccano/doccano/releases/tag/v1.8.4
- https://github.com/doccano/auto-labeling-pipeline/releases/tag/v0.1.23
- https://github.com/gian2dchris/CVEs/tree/main/CVE-2024-40442
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | n/a |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2024-09-23
- Version: 0.3.3
- AVID Entry