CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39159 – Remote code execution in Binderhub
https://notcve.org/view.php?id=CVE-2021-39159
25 Aug 2021 — BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input could execute code in the BinderHub context, with the potential to egress credentials of the BinderHub deployment, including JupyterHub API tokens, kubernetes service accounts, and docker registry credentials. This ma... • https://github.com/jupyterhub/binderhub/commit/195caac172690456dcdc8cc7a6ca50e05abf8182.patch • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2021-32798 – Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in notebook
https://notcve.org/view.php?id=CVE-2021-32798
09 Aug 2021 — The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim opens a malicious ipynb document in Jupyter Notebook. The XSS allows an attacker to execute arbitrary code on the victim computer using Jupyter APIs. • https://github.com/jupyter/notebook/commit/79fc76e890a8ec42f73a3d009e44ef84c14ef0d5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.6EPSS: 0%CPEs: 5EXPL: 1CVE-2021-32797 – JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>
https://notcve.org/view.php?id=CVE-2021-32797
09 Aug 2021 — JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn’t sanitize the action attribute of html `<form>`. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook. • https://github.com/jupyterlab/jupyterlab/commit/504825938c0abfa2fb8ff8d529308830a5ae42ed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36191
https://notcve.org/view.php?id=CVE-2020-36191
13 Jan 2021 — JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account). JupyterHub versión 1.1.0, permite un ataque de tipo CSRF en el panel de administración por medio de una petición que carece de un campo _xsrf, como es demostrado por una petición /hub/api/user (para agregar o eliminar una cuenta de usuario). • https://github.com/jupyterhub/jupyterhub/issues/3304 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-26275 – Open redirect vulnerability
https://notcve.org/view.php?id=CVE-2020-26275
21 Dec 2020 — The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version 1.1.1, an open redirect vulnerability could cause the jupyter server to redirect the browser to a different malicious website. All jupyter servers running without a base_url prefix are technically affected, however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A lin... • https://advisory.checkmarx.net/advisory/CX-2020-4291 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-26250 – Base class whitelist configuration ignored in OAuthenticator
https://notcve.org/view.php?id=CVE-2020-26250
01 Dec 2020 — OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the deprecated (in jupyterhub 1.2) configuration `Authenticator.whitelist`, which should be transparently mapped to `Authenticator.allowed_users` with a warning, is instead ignored by OAuthenticator classes, resulting in the same behavior as if this configuration has not been set. If this is the only mechanism of authorization restriction (i.e. no group or team restrictions in configuration) t... • https://github.com/jupyterhub/oauthenticator/blob/master/docs/source/changelog.md#0122---2020-11-30 • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-26232 – Open redirect in Jupyter Server
https://notcve.org/view.php?id=CVE-2020-26232
24 Nov 2020 — Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are technically affected, however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A link to your jupyter server may appear safe, but ultimately redirect to a spoofed server on the public internet. Jupyter Server anterior a versión 1.0.6, presenta una vulnerabilidad de redirecc... • https://github.com/jupyter-server/jupyter_server/blob/master/CHANGELOG.md#106---2020-11-18 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26215 – Open redirect in Jupyter Notebook
https://notcve.org/view.php?id=CVE-2020-26215
18 Nov 2020 — Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5. • https://github.com/jupyter/notebook/commit/3cec4bbe21756de9f0c4bccf18cf61d840314d74 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-21030 – Ubuntu Security Notice USN-5585-1
https://notcve.org/view.php?id=CVE-2018-21030
31 Oct 2019 — Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document. Jupyter Notebook versiones anteriores a 5.5.0, no utiliza un encabezado CSP para tratar los archivos servidos como pertenecientes a un origen separado. Así, por ejemplo, se puede colocar una carga XSS en un documento SVG. It was discovered that Jupyter Notebook incorrectly handled certain notebooks. • https://github.com/jupyter/notebook/pull/3341 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-10856
https://notcve.org/view.php?id=CVE-2019-10856
04 Apr 2019 — In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255. En Jupyter Notebook, en versiones anteriores a la 5.7.8, puede ocurrir una redirección abierta mediante un netloc vacío. Este problema existe debido a una solución incompleta para CVE-2019-10255. • https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •