Описание
Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in jupyter_core that stems from jupyter_core executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 4.11.2-1 |
| esm-apps/bionic | released | 4.4.0-2ubuntu0.1~esm1 |
| esm-apps/focal | released | 4.6.3-3ubuntu0.1~esm1 |
| esm-apps/jammy | released | 4.9.1-1ubuntu0.1~esm1 |
| esm-apps/noble | not-affected | 4.11.2-1 |
| focal | ignored | end of standard support, was needed |
| jammy | needed | |
| kinetic | released | 4.11.1-1ubuntu0.22.10.1 |
| lunar | not-affected | 4.11.2-1 |
Показывать по
EPSS
8.8 High
CVSS3
Связанные уязвимости
Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds.
Jupyter Core is a package for the core common functionality of Jupyter ...
Execution with Unnecessary Privileges in JupyterApp
Уязвимость ядра Jupyter Core среды интерактивной разработки и выполнения кода Jupyter Notebook, позволяющая нарушителю раскрыть защищаемую информацию, загружать и выполнять код с повышенными привилегиями
EPSS
8.8 High
CVSS3