Unknown · Jupyterhub · CVE-2020-36191
Name of the Vulnerable Software and Affected Versions:
JupyterHub version 1.1.0
Description:
JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an `_xsrf` field. The admin panel's REST API accepts state-changing requests authenticated by the browser's session cookie alone, without requiring the `_xsrf` token that the server issues to the page. Because the browser attaches that cookie to cross-site requests as well, a page on an attacker-controlled site can make a logged-in admin's browser issue a `/hub/api/user` request that adds or removes a user account, without the admin's involvement.
Recommendations:
Upgrade to JupyterHub 1.2.0 or later, where cookie-authenticated API requests must carry an `_xsrf` token that matches the `_xsrf` cookie. There is no configuration switch that disables `/hub/api/user` on its own, and asking clients to send `_xsrf` does not help: the forged request is constructed by the attacker's page, not by the admin, and that page cannot read the `_xsrf` cookie, so the check only has value when the server rejects state-changing requests that lack the token. Until the upgrade is applied, limit the blast radius: keep the set of admin users small, have admins log out of the Hub rather than leaving sessions open while browsing other sites, and review the user list for unexpected additions or removals. Scripts that use the REST API with an `Authorization: token ...` header are not exposed, since browsers do not attach that header to cross-site requests.
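The following is an added example, not JupyterHub's own code, that models the root cause described above and the server-side check the fix relies on: a cookie-authenticated API that accepts any write carrying the session cookie (vulnerable) next to one that requires the `_xsrf` token the page read, compared against the `_xsrf` cookie (hardened). The cookie and header names, the session and token values, and the replayed requests are assumptions constructed for the illustration; JupyterHub's real token format is Tornado's masked token, simplified here to a plain double-submit comparison.

```python
# Added illustration of CVE-2020-36191's root cause and its fix.
# Not JupyterHub's own code: a minimal model of a cookie-authenticated REST API
# with and without the _xsrf (double-submit) check. Cookie/header names are
# assumptions chosen to resemble a Tornado/JupyterHub deployment.
import hmac
import secrets
from dataclasses import dataclass, field

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
SESSION_COOKIE = "jupyterhub-session-id"   # assumed session cookie name
XSRF_COOKIE = "_xsrf"                      # token cookie the server sets with the admin page
XSRF_HEADER = "X-XSRFToken"                # header Tornado reads for the same token


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    query: dict = field(default_factory=dict)


def new_xsrf_token() -> str:
    """Random per-session token; set as the _xsrf cookie and embedded in the admin page."""
    return secrets.token_hex(16)


def authorize_vulnerable(req: Request, sessions: set) -> bool:
    """1.1.0-style behaviour: a valid session cookie is all a state-changing call needs.
    A cross-site form POST or fetch() carries that cookie too, so this is CSRF-able."""
    return req.cookies.get(SESSION_COOKIE) in sessions


def authorize_hardened(req: Request, sessions: set, api_tokens: set) -> bool:
    """Fixed behaviour: bearer tokens skip the check (browsers never attach them
    cross-site); cookie-authenticated writes must present the _xsrf token the page read."""
    auth = req.headers.get("Authorization", "")
    if auth.startswith("token "):
        return auth[len("token "):] in api_tokens
    if req.cookies.get(SESSION_COOKIE) not in sessions:
        return False
    if req.method in SAFE_METHODS:
        return True
    expected = req.cookies.get(XSRF_COOKIE)
    submitted = req.headers.get(XSRF_HEADER) or req.query.get("_xsrf")
    if not expected or not submitted:
        return False          # an attacker's page cannot read the _xsrf cookie
    return hmac.compare_digest(expected, submitted)


def simulate() -> dict:
    """Replay constructed requests against both authorizers and report the decisions."""
    sessions = {"sess-admin"}        # constructed session store
    api_tokens = {"tok-admin"}       # constructed API token store
    xsrf = new_xsrf_token()
    cookies = {SESSION_COOKIE: "sess-admin", XSRF_COOKIE: xsrf}
    # Admin panel's own JavaScript: browser sends the cookies and the token it read.
    legit = Request("POST", "/hub/api/user", headers={XSRF_HEADER: xsrf}, cookies=cookies)
    # Attacker page: browser auto-attaches the cookies, but the page cannot read _xsrf.
    forged = Request("POST", "/hub/api/user", cookies=dict(cookies))
    # Attacker page guessing a token: fails the constant-time compare.
    guessed = Request("POST", "/hub/api/user",
                      headers={XSRF_HEADER: "0" * 32}, cookies=dict(cookies))
    # Script using an API token: no cookies involved, so no CSRF exposure.
    scripted = Request("POST", "/hub/api/user", headers={"Authorization": "token tok-admin"})
    return {
        "vulnerable": {
            "legit": authorize_vulnerable(legit, sessions),
            "forged": authorize_vulnerable(forged, sessions),
        },
        "hardened": {
            "legit": authorize_hardened(legit, sessions, api_tokens),
            "forged": authorize_hardened(forged, sessions, api_tokens),
            "guessed": authorize_hardened(guessed, sessions, api_tokens),
            "scripted": authorize_hardened(scripted, sessions, api_tokens),
        },
    }


if __name__ == "__main__":
    print(simulate())
```

The vulnerable authorizer accepts both the admin panel's own request and the forged one, which is the behaviour the description reports; the hardened authorizer rejects the forged and guessed requests while still accepting the panel's request and token-authenticated scripts. Reads (`GET`) remain cookie-only in the hardened version, since they do not change state.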