jsbroks COCO Annotator Dataset API Authorization Bypass Vulnerability

Vulnerability

An authorization bypass vulnerability has been identified in jsbroks COCO Annotator versions through 0.11.1. The issue resides in the Dataset API component, specifically in the file backend/webserver/api/datasets.py. By manipulating the DatasetId argument, an attacker can modify datasets without authorization. The attack can be initiated remotely.
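The class of flaw described above, as an added example that is not COCO Annotator's code: an update handler that trusts a caller-supplied dataset id, beside a version that authorizes against the dataset the id resolves to. The Dataset model, its owner and shared_with fields, and both handler names are assumptions made for illustration.

```python
# Constructed illustration: object-level authorization on a dataset update.
# Dataset, its owner/shared_with fields and both handlers are hypothetical,
# not taken from backend/webserver/api/datasets.py.
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Caller is authenticated but not allowed to touch this dataset."""


class NotFound(Exception):
    """No dataset with the requested id."""


@dataclass
class Dataset:
    id: int
    owner: str
    name: str
    shared_with: set = field(default_factory=set)

    def can_edit(self, user: str, is_admin: bool = False) -> bool:
        return is_admin or user == self.owner or user in self.shared_with


def make_store():
    # Constructed sample data.
    return {1: Dataset(1, "alice", "street-scenes"),
            2: Dataset(2, "bob", "medical", shared_with={"carol"})}


def update_dataset_unchecked(store, user, dataset_id, changes):
    """Flawed pattern: trusts the caller-supplied id; login is the only gate."""
    ds = store.get(dataset_id)
    if ds is None:
        raise NotFound(dataset_id)
    ds.name = changes.get("name", ds.name)
    return ds


def update_dataset_checked(store, user, dataset_id, changes, is_admin=False):
    """Hardened pattern: authorize against the object the id resolves to."""
    ds = store.get(dataset_id)
    if ds is None:
        raise NotFound(dataset_id)
    if not ds.can_edit(user, is_admin):
        raise Forbidden(f"{user} may not modify dataset {dataset_id}")
    # Allow-list editable fields so owner/shared_with cannot be overwritten.
    if "name" in changes:
        ds.name = str(changes["name"])
    return ds
```

The check has to run on every route that accepts a dataset id for a write, and a regression test that calls each such route as a non-owner catches a handler that misses it.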

Impact

Exploitation of this vulnerability allows for unauthorized modification of dataset information.

Added: May 3, 2026, 6:17 AM
Updated: May 3, 2026, 6:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 8.7
remediation: 0.0
relevance: 7.4
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.