PT-2024-19412

Davwwwx · Published 2024-01-19 · Updated 2024-09-18 · CVE-2024-22421

CVSS v3.1: 7.6 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions: JupyterLab versions prior to 4.1.0b2; JupyterLab versions prior to 4.0.11; JupyterLab versions prior to 3.6.7; jupyter-server versions prior to 2.7.2

Description: JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their Authorization and XSRFToken tokens exposed to a third party when running an older jupyter-server version.

Recommendations: For JupyterLab versions prior to 4.1.0b2, upgrade to version 4.1.0b2 or newer. For JupyterLab versions prior to 4.0.11, upgrade to version 4.0.11 or newer. For JupyterLab versions prior to 3.6.7, upgrade to version 3.6.7 or newer. For jupyter-server versions prior to 2.7.2, upgrade to version 2.7.2 or newer, which includes a redirect vulnerability fix.

Weakness Enumeration

Information Disclosure
Relative Path Traversal

Related Identifiers

ALT-PU-2024-12926
BIT-JUPYTER-BASE-NOTEBOOK-2024-22421
BIT-JUPYTER-NOTEBOOK-2024-22421
BIT-JUPYTERLAB-2024-22421
CVE-2024-22421
GHSA-44CC-43RP-5947
OPENSUSE-SU-2024:13605-1

Affected Products

Alt Linux
Jupyterlab
Jupyter Server