Unknown · Jupyter-Lsp · CVE-2024-22415
**Name of the Vulnerable Software and Affected Versions**
jupyter-lsp versions prior to 2.2.2
**Description**
The issue affects installations of jupyter-lsp running in environments without configured file system access control and with jupyter-server instances exposed to non-trusted networks, allowing unauthorized access and modification of the file system beyond the jupyter root directory.
**Recommendations**
For versions prior to 2.2.2, upgrade to version 2.2.2 to resolve the issue.
As a temporary workaround for users unable to upgrade, consider uninstalling jupyter-lsp.
Users of jupyterlab who do not use jupyterlab-lsp can uninstall jupyter-lsp as a mitigation measure.