CVE-2021-39160

Опубликовано: 25 авг. 2021

Источник: nvd

CVSS3: 9.6

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are advised to upgrade. No work around exist for users who can not upgrade.

Ссылки

https://github.com/jupyterhub/nbgitpuller/blob/main/CHANGELOG.md#0102---2021-08-25
Release Notes
Third Party Advisory
https://github.com/jupyterhub/nbgitpuller/commit/07690644f29a566011dd0d7ba14cae3eb0490481
Patch
Third Party Advisory
https://github.com/jupyterhub/nbgitpuller/security/advisories/GHSA-mq5p-2mcr-m52j
Third Party Advisory
https://github.com/jupyterhub/nbgitpuller/blob/main/CHANGELOG.md#0102---2021-08-25
Release Notes
Third Party Advisory
https://github.com/jupyterhub/nbgitpuller/commit/07690644f29a566011dd0d7ba14cae3eb0490481
Patch
Third Party Advisory
https://github.com/jupyterhub/nbgitpuller/security/advisories/GHSA-mq5p-2mcr-m52j
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jupyterhub:nbgitpuller:*:*:*:*:*:*:*:*

Версия от 0.9.0 (включая) до 0.10.2 (исключая)

EPSS

Процентиль: 74%

0.00825

Низкий

9.6 Critical

CVSS3

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-94

CWE-78

Связанные уязвимости

GHSA-mq5p-2mcr-m52j

CVSS3: 8.8

github

больше 4 лет назад

Code injection in nbgitpuller

EPSS

Процентиль: 74%

0.00825

Низкий

9.6 Critical

CVSS3

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-94

CWE-78