4 matches found
CVE-2026-23528 vulnerabilities
Vulnerabilities for packages: dask-gateway, dask-kubernetes...
aces-apps (=1.5.4), aggfly (>=0.1.0 <=0.1.5) +410 more potentially affected by CVE-2026-23528 via distributed (>=1.13.0 <=2025.9.2)
distributed PYPI version =1.13.0, =0.1.0, =0.3.9, =0.0.1, =0.2.0, =0.1.0, =0.0.13b20200721, =0.5.3b20221014 and more Source cves: CVE-2026-23528 Source advisory: OSV:PYSEC-2026-169...
aces-apps (=1.5.4), aggfly (>=0.1.0 <=0.1.5) +410 more potentially affected by CVE-2026-23528 via distributed (>=1.13.0 <=2025.9.2)
distributed PYPI version =1.13.0, =0.1.0, =0.3.9, =0.0.1, =0.2.0, =0.1.0, =0.0.13b20200721, =0.5.3b20221014 and more Source cves: CVE-2026-23528 Source advisory: OSV:GHSA-C336-7962-WFJ2...
CVE-2026-23528 Dask distributed Vulnerable to Remote Code Execution via Jupyter Proxy and Dashboard
Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting XSS bug in the Dask...