PT-2023-7528 · Unknown · Jupyter Server
Krsecu · Published 2023-12-04 · Updated 2023-12-14
CVE-2023-49080
CVSS v3.1: 4.3 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Jupyter Server versions prior to 2.11.2
Description
Jupyter Server has an issue with unhandled errors in API requests from an authenticated user: the resulting error responses can include traceback information and server-side path information. Because the requesting user already has arbitrary code execution in the same environment, the revealed paths are not considered particularly sensitive. There is no known way to trigger these errors without authentication.
Recommendations
For versions prior to 2.11.2, upgrade to version 2.11.2 or later, which includes a fix that no longer puts traceback information in JSON error responses. There are no known workarounds for this issue; as an interim measure, restricting access to sensitive paths and information may limit exposure.
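As an added illustration (not Jupyter Server's own code), the two shapes of a JSON error body the advisory contrasts, plus a check a defender can run over captured API error responses to confirm a deployment no longer leaks tracebacks or paths; the function names, messages and the constructed failure are assumptions.

```python
import json
import traceback

# Markers that identify a Python traceback, or a frame line with an absolute path.
TRACEBACK_MARKER = "Traceback (most recent call last)"
PATH_MARKER = 'File "/'


def error_body_leaky(exc: BaseException) -> dict:
    """Pre-fix shape: the full traceback is serialised into the JSON body,
    which is what exposes server-side paths to an authenticated API caller."""
    tb = "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
    return {"message": str(exc), "traceback": tb}


def error_body_hardened(exc: BaseException, server_log: list) -> dict:
    """Post-fix shape: the traceback goes to the server log only. The body
    carries a fixed message and the exception type; str(exc) is deliberately
    not echoed, since it can itself contain a filesystem path."""
    server_log.append("".join(traceback.format_exception(type(exc), exc, exc.__traceback__)))
    return {"message": "Internal server error", "reason": type(exc).__name__}


def leaks_traceback(body: str) -> bool:
    """Detection check for one captured error response: True if any string
    value carries a traceback header or an absolute-path frame line."""
    try:
        text = " ".join(str(v) for v in json.loads(body).values())
    except ValueError:
        text = body  # not JSON; inspect the raw body instead
    return TRACEBACK_MARKER in text or PATH_MARKER in text


def _fail():
    # Constructed failure standing in for an unhandled error inside an API handler.
    raise ValueError("unexpected contents manager state")


def demo():
    """Returns (leaky body leaks?, hardened body leaks?, log entries written)."""
    server_log = []
    leaky = hardened = ""
    try:
        _fail()
    except ValueError as exc:
        leaky = json.dumps(error_body_leaky(exc))
        hardened = json.dumps(error_body_hardened(exc, server_log))
    return leaks_traceback(leaky), leaks_traceback(hardened), len(server_log)
```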
Improper Access Control
Information Disclosure
Generation of Error Message Containing Sensitive Information
Related Identifiers
Affected Products
Debian
Jupyter Server