Lucene search
GoogleOSV:GHSA-MQ5P-2MCR-M52JHistoryAug 30, 2021 - 4:17 p.m.
Code injection in nbgitpuller
2021-08-3016:17:06
Google
osv.dev
11
nbgitpuller
code injection
security advisory
arbitrary code execution
upgrade
downgrade
software vulnerability
EPSS
0.004
Percentile
74.0%
Impact
Due to an unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment.
Patches
0.10.2
Workarounds
None, other than upgrade to 0.10.2 or downgrade to 0.8.x.
For more information
If you have any questions or comments about this advisory:
- Open an issue in nbgitpuller
- Email our security team at [email protected]
References
github.com/jupyterhub/nbgitpuller
github.com/jupyterhub/nbgitpuller/blob/main/CHANGELOG.md#0102---2021-08-25
github.com/jupyterhub/nbgitpuller/commit/07690644f29a566011dd0d7ba14cae3eb0490481
github.com/jupyterhub/nbgitpuller/security/advisories/GHSA-mq5p-2mcr-m52j
nvd.nist.gov/vuln/detail/CVE-2021-39160
Related
osv
osv
PYSEC-2021-315
2021-08-25 18:15:00
CVE-2021-39160
2021-08-25 18:15:08
github
github
Code injection in nbgitpuller
2021-08-30 16:17:06
veracode
veracode
Remote Code Execution (RCE)
2021-08-26 01:27:20
cvelist
cvelist
CVE-2021-39160 Code injection in nbgitpuller
2021-08-25 18:10:11
nvd
nvd
CVE-2021-39160
2021-08-25 18:15:08
cve
cve
CVE-2021-39160
2021-08-25 18:15:08
prion
prion
Input validation
2021-08-25 18:15:00