Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-39160
HistoryAug 25, 2021 - 6:15 p.m.

CVE-2021-39160

2021-08-2518:15:08
CWE-94
CWE-78
[email protected]
web.nvd.nist.gov
3
nbgitpuller
jupyter server extension
unsanitized input
arbitrary code execution
upgrade

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

74.0%

JSON

nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are advised to upgrade. No work around exist for users who can not upgrade.

Affected configurations

Nvd
Node
jupyterhubnbgitpullerRange0.9.00.10.2
VendorProductVersionCPE
jupyterhubnbgitpuller*cpe:2.3:a:jupyterhub:nbgitpuller:*:*:*:*:*:*:*:*

Related

osv 3
veracode 1
cvelist 1
github 1
cve 1
prion 1
osv
osv
PYSEC-2021-315
2021-08-25 18:15:00
CVE-2021-39160
2021-08-25 18:15:08
Code injection in nbgitpuller
2021-08-30 16:17:06
veracode
veracode
Remote Code Execution (RCE)
2021-08-26 01:27:20
cvelist
cvelist
CVE-2021-39160 Code injection in nbgitpuller
2021-08-25 18:10:11
github
github
Code injection in nbgitpuller
2021-08-30 16:17:06
cve
cve
CVE-2021-39160
2021-08-25 18:15:08
prion
prion
Input validation
2021-08-25 18:15:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

74.0%

JSON
Related for NVD:CVE-2021-39160
osv3veracode1cvelist1github1cve1prion1