jupyter jupyterhub vulnerabilities and exploits
NA
CVE-2024-28233
JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former's session. More precisely, in the context of JupyterHub, this XSS could achieve full ac...
4.3
CVSSv3
CVE-2023-48311
dockerspawner is a tool to spawn JupyterHub single user servers in Docker containers. Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying `DockerSpawner.allowed_images` configuration allow users to launch _any_ pullable docker image, inst...
Jupyter Dockerspawner
6.5
CVSSv3
CVE-2022-31027
OAuthenticator is an OAuth token library for the JupyterHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The al...
Jupyter Oauthenticator
7.5
CVSSv3
CVE-2021-41247
JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials (for the single-user server only, not t...
Jupyter Jupyterhub
9.8
CVSSv3
CVE-2021-39159
BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously...
Jupyter Binderhub
8.8
CVSSv3
CVE-2021-39160
nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are ad...
Jupyterhub Nbgitpuller
4.5
CVSSv3
CVE-2020-36191
JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).
Jupyter Jupyterhub 1.1.0
6.3
CVSSv3
CVE-2020-26250
OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and prior to 0.12.2, the deprecated (in jupyterhub 1.2) configuration `Authenticator.whitelist`, which should be transparently mapped to `Authenticator.allowed_users` with a warning, ...
Jupyter Oauthenticator
6.1
CVSSv3
CVE-2019-10255
An Open Redirect vulnerability for all browsers in Jupyter Notebook prior to 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub prior to 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_ur...
Jupyter Jupyterhub
Jupyter Notebook
8.8
CVSSv3
CVE-2018-7206
An issue exists in Project Jupyter JupyterHub OAuthenticator 0.6.x prior to 0.6.2 and 0.7.x prior to 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to creat...
Jupyter Oauthenticator 0.6.0
Jupyter Oauthenticator 0.6.1
Jupyter Oauthenticator 0.7.0
Jupyter Oauthenticator 0.7.1
Jupyter Oauthenticator 0.7.2