PT-2021-23211 · Unknown · Jupyterhub+1

Fritterhoff · Published 2021-11-04 · Updated 2024-03-06 · CVE-2021-41247

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

JupyterHub versions prior to 1.5

Description

The issue affects users of JupyterLab with JupyterHub who have multiple JupyterLab tabs open in the same browser session. When logging out, fresh credentials for the single-user server are reinstated if another active JupyterLab session is open, resulting in incomplete logout.

Recommendations

For versions prior to 1.5, upgrade to JupyterHub 1.5. For distributed deployments, patch jupyterhub in the user environment. As a temporary workaround, ensure that only one JupyterLab tab is open when logging out.

Fix

Insufficient Session Expiration

Weakness Enumeration

Related Identifiers

BIT-JUPYTERHUB-2021-41247
CVE-2021-41247
GHSA-CW7P-Q79F-M2V7
PYSEC-2021-386

Affected Products

Jupyterhub
Jupyterlab