PT-2022-15049 · Unknown · Jupyter Server Proxy

Mr-R3Bot · Published 2022-01-25 · Updated 2022-02-01 · CVE-2022-21697

CVSS v4.0: 6.9 Medium
Vector: AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Jupyter Server Proxy (jupyter-server-proxy) versions prior to 3.2.1
Description: Jupyter Server Proxy versions prior to 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). A lack of input validation allows an authenticated client to make the proxy forward requests to hosts outside the configured allowlist, bypassing the allowed-hosts check. The issue is rated low to moderate severity because authentication is required, and an authenticated user already has the ability to make the same requests through kernel or terminal execution; that assessment assumes the affected users do have kernel or terminal access, so deployments that restrict those should weigh the issue more heavily. Any deployment of Jupyter Server or Jupyter Notebook with the jupyter-server-proxy extension enabled is affected.
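The weakness class above, as an added illustration that is not jupyter-server-proxy code and does not reproduce the reported bypass: a proxy route of the form /proxy/<host>:<port>/<path> must forward only to hosts on an allowlist. The weak check looks at the raw target string and is satisfied by anything that merely begins with an allowed name; the strict version parses host and port with a tight grammar, normalises case, and only then consults the allowlist. The allowlist and the probe inputs are constructed for this example.

```python
# Added example: host-allowlist enforcement for a /proxy/<host>:<port>/<path>
# route. Hypothetical code, not the project's own; the probe inputs below are
# constructed to show the weakness class, not the issue fixed in 3.2.1.
import re
from typing import Dict, Optional, Tuple

# Constructed allowlist for the example.
ALLOWLIST = frozenset({"localhost", "127.0.0.1"})


def weak_is_allowed(target: str, allowlist=ALLOWLIST) -> bool:
    """Bypassable: tests the raw '<host>:<port>/<path>' string by prefix, so
    'localhost.evil.example:80/' and 'localhost:8000@evil.example:80/' pass."""
    return any(target.startswith(h) for h in allowlist)


# Strict grammar: host is a DNS-name / IPv4 literal made of [A-Za-z0-9.-]
# (no '@', '/', '?', '#' or whitespace), port is 1-5 digits, and whatever
# follows must be an absolute path or nothing at all.
_TARGET_RE = re.compile(
    r"(?P<host>[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?)"
    r":(?P<port>[0-9]{1,5})"
    r"(?P<path>/.*)?",
    re.DOTALL,
)


def parse_target(target: str) -> Optional[Tuple[str, int, str]]:
    """Return (host, port, path) for a well-formed target, else None."""
    m = _TARGET_RE.fullmatch(target)
    if m is None:
        return None
    port = int(m.group("port"))
    if not 1 <= port <= 65535:
        return None
    # Lower-case the host so 'LOCALHOST' cannot slip past a case-sensitive set.
    return m.group("host").lower(), port, m.group("path") or "/"


def strict_is_allowed(target: str, allowlist=ALLOWLIST) -> bool:
    """Parse first, then compare the extracted host for exact membership."""
    parsed = parse_target(target)
    return parsed is not None and parsed[0] in allowlist


def build_upstream_url(target: str, allowlist=ALLOWLIST) -> str:
    """Construct the outbound URL only from validated, allowlisted parts."""
    parsed = parse_target(target)
    if parsed is None:
        raise ValueError(f"malformed proxy target: {target!r}")
    host, port, path = parsed
    if host not in allowlist:
        raise PermissionError(f"host {host!r} is not in the allowlist")
    return f"http://{host}:{port}{path}"


# Constructed probes: a legitimate target plus two allowlist-prefix tricks.
PROBES = [
    "localhost:8888/api/contents",
    "localhost.evil.example:80/",
    "localhost:8000@evil.example:80/",
]


def compare_checks(targets=PROBES) -> Dict[str, Tuple[bool, bool]]:
    """Map each target to (weak verdict, strict verdict)."""
    return {t: (weak_is_allowed(t), strict_is_allowed(t)) for t in targets}


if __name__ == "__main__":
    for target, (weak, strict) in compare_checks().items():
        print(f"{target:40} weak={weak!s:5} strict={strict!s:5}")
```

The strict parser deliberately rejects IPv6 literals and any host containing userinfo, path or query characters rather than trying to canonicalise them; in a real proxy, anything that fails to parse should be refused before a client is created, and the upstream URL must be assembled from the parsed components, never from the client-supplied string.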
Recommendations: Upgrade jupyter-server-proxy to version 3.2.1 or later, which contains the fix. As a temporary workaround, the patch can be applied manually to an existing installation.
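A quick way to confirm whether a given environment needs the upgrade, added here as an example rather than taken from the advisory: read the installed distribution version from package metadata and compare it against 3.2.1. It assumes the PyPI distribution name jupyter-server-proxy and uses a simplified version comparison (final releases sort after any pre-release or dev tag of the same number) so it runs without the packaging library.

```python
# Added check, not part of the advisory: is the installed jupyter-server-proxy
# older than the fixed release 3.2.1? Assumes the PyPI distribution name
# "jupyter-server-proxy"; version ordering is a simplified PEP 440 approximation.
import re
from importlib.metadata import PackageNotFoundError, version
from typing import Tuple

FIXED_VERSION = "3.2.1"
DISTRIBUTION = "jupyter-server-proxy"


def parse_version(v: str) -> Tuple:
    """Turn '3.2.0', '3.2', '3.2.1rc1' or '3.2.1.dev3' into a comparable tuple.

    The numeric release is padded to three components, then a marker is
    appended: 1 for a final release, 0 plus the raw suffix for anything
    carrying a pre-release/dev tag, so 3.2.1rc1 < 3.2.1 and 3.2 == 3.2.0.
    """
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(.*)", v.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {v!r}")
    release = tuple(int(part) for part in m.group(1).split("."))
    if len(release) < 3:
        release = release + (0,) * (3 - len(release))
    suffix = m.group(2)
    return release + ((1,) if not suffix else (0, suffix))


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version predates the fixed release."""
    return parse_version(installed) < parse_version(fixed)


def check_installed(dist: str = DISTRIBUTION) -> str:
    """Report the status of the locally installed distribution, if any."""
    try:
        installed = version(dist)
    except PackageNotFoundError:
        return f"{dist} is not installed; the extension is not present"
    if is_vulnerable(installed):
        return (f"{dist} {installed} is affected by CVE-2022-21697; "
                f"upgrade to {FIXED_VERSION} or later")
    return f"{dist} {installed} includes the fix for CVE-2022-21697"


if __name__ == "__main__":
    print(check_installed())
```

Run it inside the same Python environment that hosts Jupyter Server; a version reported by a different interpreter says nothing about the server actually listening.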

Exploit · Fix · SSRF


Weakness Enumeration

Related Identifiers

CVE-2022-21697
GHSA-GCV9-6737-PJQW
PYSEC-2022-16

Affected Products

Jupyter Server Proxy