PT-2025-39657 · Unknown · Jupyterlab

Published 2025-09-26 · Updated 2025-09-26 · CVE-2025-59842

CVSS v4.0: 2.1
Vector: AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

**Name of the Vulnerable Software and Affected Versions**

jupyterlab versions prior to 4.4.8

**Description**

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the `noopener` attribute. This could potentially lead to reverse tabnabbing attacks if links generated by third-party LaTeX-rendering extensions included `target=_blank`. Reverse tabnabbing is a type of phishing attack where a malicious website replaces the content of a legitimate website in a new tab or window. The official LaTeX typesetter extensions for JupyterLab do not include `target=_blank`, so there is no impact for JupyterLab users with default installations.
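The missing attribute, shown as an added example (not JupyterLab's code or its fix): a pass that adds `rel="noopener"` to any anchor that opens a different browsing context. `hardenAnchor`, `hardenLinks`, `FakeAnchor` and the sample links are constructed for illustration; in a browser the input would be `document.querySelectorAll('a[target]')`.

```javascript
// Added example, not JupyterLab code. Works on any object exposing
// getAttribute/setAttribute, such as DOM <a> elements.

// Target keywords that stay in an existing browsing context.
const SAME_CONTEXT = new Set(['', '_self', '_parent', '_top']);

// Ensure an anchor that opens another context carries rel="noopener".
// Returns true when the element was modified.
function hardenAnchor(a) {
  const target = (a.getAttribute('target') || '').trim().toLowerCase();
  if (SAME_CONTEXT.has(target)) return false; // no new tab or window
  const tokens = (a.getAttribute('rel') || '').split(/\s+/).filter(Boolean);
  // rel tokens are case-insensitive; keep existing ones such as "nofollow".
  if (tokens.some((t) => t.toLowerCase() === 'noopener')) return false;
  tokens.push('noopener');
  a.setAttribute('rel', tokens.join(' '));
  return true;
}

// Harden every anchor in an iterable; returns how many were changed.
function hardenLinks(anchors) {
  let changed = 0;
  for (const a of anchors) if (hardenAnchor(a)) changed += 1;
  return changed;
}

// Constructed stand-in for a DOM element so the example runs under Node.
class FakeAnchor {
  constructor(attrs) { this.attrs = new Map(Object.entries(attrs)); }
  getAttribute(name) { return this.attrs.has(name) ? this.attrs.get(name) : null; }
  setAttribute(name, value) { this.attrs.set(name, String(value)); }
}

// Constructed sample: links as a third-party renderer might emit them.
function sampleLinks() {
  return [
    new FakeAnchor({ href: 'https://example.org/a', target: '_blank' }),
    new FakeAnchor({ href: 'https://example.org/b', target: '_blank', rel: 'nofollow' }),
    new FakeAnchor({ href: 'https://example.org/c', target: '_BLANK', rel: 'NoOpener' }),
    new FakeAnchor({ href: 'https://example.org/d' }),
    new FakeAnchor({ href: 'https://example.org/e', target: 'preview' }),
  ];
}
```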

**Recommendations**

Update to jupyterlab version 4.4.8 or later.

Related Identifiers

CVE-2025-59842
GHSA-VVFJ-2JQX-52JM

Affected Products

Jupyterlab