Описание
jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on /files/ URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit 87a49272728 which has been included in release 2.7.2. Users are advised to upgrade. Users unable to upgrade may use the lower performance --ContentsManager.files_handler_class=jupyter_server.files.handlers.FilesHandler, which implements the correct checks.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | needs-triage | |
| lunar | ignored | end of life, was needs-triage |
| mantic | ignored | end of life, was needs-triage |
| noble | needs-triage |
Показывать по
EPSS
4.6 Medium
CVSS3
Связанные уязвимости
jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit `87a49272728` which has been included in release `2.7.2`. Users are advised to upgrade. Users unable to upgrade may use the lower performance `--ContentsManager.files_handler_class=jupyter_server.files.handlers.FilesHandler`, which implements the correct checks.
jupyter-server is the backend for Jupyter web applications. Improper c ...
cross-site inclusion (XSSI) of files in jupyter-server
EPSS
4.6 Medium
CVSS3