JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their Authorization
and XSRFToken
tokens exposed to a third party when running an older jupyter-server
version. JupyterLab versions 4.1.0b2, 4.0.11, and 3.6.7 are patched. No workaround has been identified, however users should ensure to upgrade jupyter-server
to version 2.7.2 or newer which includes a redirect vulnerability fix.
CPE | Name | Operator | Version |
---|---|---|---|
fedora | eq | 39 | |
jupyterlab | ge | 4.0.0 | |
jupyterlab | lt | 4.0.11 | |
jupyterlab | lt | 3.6.7 | |
notebook | ge | 7.0.0 | |
notebook | lt | 7.0.7 |