Unknown · JupyterLab · CVE-2024-22421
**Name of the Vulnerable Software and Affected Versions**
JupyterLab versions prior to 4.1.0b2
JupyterLab versions prior to 4.0.11
JupyterLab versions prior to 3.6.7
jupyter-server versions prior to 2.7.2
**Description**
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken` tokens exposed to a third party when running an older `jupyter-server` version.
**Recommendations**
For JupyterLab versions prior to 4.1.0b2, upgrade to version 4.1.0b2 or newer.
For JupyterLab versions prior to 4.0.11, upgrade to version 4.0.11 or newer.
For JupyterLab versions prior to 3.6.7, upgrade to version 3.6.7 or newer.
For jupyter-server versions prior to 2.7.2, upgrade to version 2.7.2 or newer, which includes a redirect vulnerability fix.
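To check an environment against the fixed versions listed above, the following added example (not part of the original advisory or of the JupyterLab project) compares version strings for both packages. It assumes each JupyterLab fix applies to its own release line (3.x, 4.0.x, 4.1 pre-releases) and only parses `X.Y.Z` versions with an optional `aN`/`bN`/`rcN` suffix; the function names are hypothetical.

```python
import re
from importlib import metadata

# Pre-release tags sort before the final release of the same X.Y.Z.
_PRE_RANK = {"a": 0, "b": 1, "rc": 2, None: 3}

def parse(version):
    """Turn 'X.Y.Z' or 'X.Y.Z{a,b,rc}N' into a sortable tuple.
    Other forms (.post, .dev, local tags) are rejected, not guessed."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:(a|b|rc)(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    major, minor, patch, tag, num = m.groups()
    return (int(major), int(minor), int(patch), _PRE_RANK[tag], int(num or 0))

def jupyterlab_affected(version):
    """True if this JupyterLab version predates the fix for its release line.
    Assumption: 3.x and older -> 3.6.7, 4.0.x -> 4.0.11, later -> 4.1.0b2."""
    v = parse(version)
    if v[0] < 4:
        return v < parse("3.6.7")
    if v[:2] == (4, 0):
        return v < parse("4.0.11")
    return v < parse("4.1.0b2")

def jupyter_server_affected(version):
    """True if this jupyter-server version predates 2.7.2."""
    return parse(version) < parse("2.7.2")

def audit(installed):
    """installed maps package name -> version string, or None if absent.
    Returns 'upgrade' or 'ok' for each package that is present."""
    checks = {"jupyterlab": jupyterlab_affected,
              "jupyter-server": jupyter_server_affected}
    return {pkg: ("upgrade" if check(installed[pkg]) else "ok")
            for pkg, check in checks.items() if installed.get(pkg)}

def installed_versions():
    """Read the versions installed in the current Python environment."""
    found = {}
    for pkg in ("jupyterlab", "jupyter-server"):
        try:
            found[pkg] = metadata.version(pkg)
        except metadata.PackageNotFoundError:
            found[pkg] = None
    return found

if __name__ == "__main__":
    print(audit(installed_versions()))
```

Run it with the interpreter of each environment that serves JupyterLab, since the result reflects only the packages visible to that interpreter.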