Lucene search
K

22 matches found

CVE
CVE
added yesterday18 views

CVE-2026-54528

Summary of vulnerability (CVE-2026-54528): The jupyterlab-git extension for JupyterLab is affected prior to version 0.54.0. On case-insensitive filesystems (e.g., macOS APFS, Windows NTFS), the code path that enforces excluded_paths uses fnmatch.fnmatchcase(), which is case-sensitive and can be b...

7.1CVSS6AI score
Exploits0References3
CVE
CVE
added yesterday38 views

CVE-2026-54527

CVE-2026-54527 affects the jupyterlab-git extension. The PlainTextDiff.ts createHeader() renders renamed-file headers by directly inserting Git filenames into innerHTML, enabling stored XSS that can lead to remote code execution. Affected range is before 0.54.0, with fix released in 0.54.0. Explo...

9.3CVSS6AI score
Exploits1References3
Snyk
Snyk
added 2026/06/19 7:36 p.m.5 views

Improper Handling of Case Sensitivity

Overview jupyterlab-git is an A JupyterLab extension for version control using git Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the prepare function due to improper enforcement of excluded directory paths on case-insensitive filesystems. An attacker...

7.1CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 7:36 p.m.9 views

jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories

Summary jupyterlab-git 0.53.0 latest, 2026-04-30 uses fnmatch.fnmatchcase in GitHandler.prepare jupyterlabgit/handlers.py:91 to enforce the admin-configured excludedpaths security control. Because fnmatchcase is unconditionally case-sensitive, an authenticated user on a case-insensitive filesyste...

7.1CVSS6AI score
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/19 7:36 p.m.8 views

Cross-site Scripting (XSS)

Overview @jupyterlab/git is an A JupyterLab extension for version control using git Affected versions of this package are vulnerable to Cross-site Scripting XSS in the createHeader method. An attacker can execute arbitrary JavaScript in another user's browser session by crafting a malicious...

8.4CVSS6AI score
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/19 7:36 p.m.9 views

jupyterlab-git extension: Stored XSS leading to RCE

Overview Amazon Web Services AWS Security has identified a stored cross-site scripting XSS issue in the jupyterlab-git JupyterLab extension that can lead to remote code execution RCE. The issue exists in the PlainTextDiff.ts component, where the createHeader method passes Git filenames directly t...

9.3CVSS6.7AI score
Exploits1References2Affected Software3
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.10 views

PT-2026-51065

Name of the Vulnerable Software and Affected Versions jupyterlab-git affected versions not specified Description A stored cross-site scripting XSS issue exists in the PlainTextDiff.ts component of the jupyterlab-git extension. The createHeader function passes Git filenames directly to innerHTML...

9.3CVSS6.6AI score
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.28 views

PT-2026-51066

Summary jupyterlab-git 0.53.0 latest, 2026-04-30 uses fnmatch.fnmatchcase in GitHandler.prepare jupyterlab git/handlers.py:91 to enforce the admin-configured excluded paths security control. Because fnmatchcase is unconditionally case-sensitive, an authenticated user on a case-insensitive...

7.1CVSS6AI score
Exploits0References6
Circl
Circl
added 2026/06/18 7:12 a.m.8 views

CVE-2026-54528

creationtimestamp| type| source ---|---|--- 2026-06-18 07:12:50+00:00| published-proof-of-concept| https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-436q-jwfr-rm2h...

7.1CVSS5.8AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/04/07 12:0 a.m.7 views

The vulnerability of the “Open Git Repository in Terminal” control element, a extension for the JupyterLab web-oriented interactive development environment, allows an attacker to gain access to and modify data, as well as execute arbitrary commands.

The vulnerability of the “Open Git Repository in Terminal” control element in the JupyterLab-Git web-oriented interactive development environment is related to the failure to implement measures to neutralize special elements used in the operating system command line. Exploiting this vulnerability...

7.4CVSS7.5AI score0.00557EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/04/04 2:5 p.m.8 views

GHSA-CJ5W-8MJF-R5F8 jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"

Overview On many platforms, a third party can create a Git repository under a name that includes a shell command substitution ^1 string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions ^2. If a user starts jupyter-lab in a parent directory of this...

7.4CVSS8.2AI score0.00557EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/04/04 2:5 p.m.22 views

jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"

Overview On many platforms, a third party can create a Git repository under a name that includes a shell command substitution ^1 string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions ^2. If a user starts jupyter-lab in a parent directory of this...

7.4CVSS8.2AI score0.00557EPSS
Exploits0References6Affected Software1
vulnersOsv
vulnersOsv
added 2025/04/04 2:5 p.m.10 views

elyra (>=4.0.0rc0 <=4.0.0rc4), elyra-code-snippet-extension (>=3.0.0rc3 <=4.0.0rc2) +12 more potentially affected by CVE-2025-30370 via jupyterlab-git (>=0.24.0 <=0.50.2)

jupyterlab-git PYPI version =0.24.0, =4.0.0rc0, =3.0.0rc3, =3.14.0, =3.0.0rc3, =3.0.0rc3, =3.0.0rc3, =3.14.0, =4.0.0rc0, =0.4.0, =2.1.0, =0.1.30, =1.3.19, =3.16.1, =0.1.0, =0.2.9 Source cves: CVE-2025-30370 Source advisory: OSV:GHSA-CJ5W-8MJF-R5F8...

7.4CVSS7.1AI score0.00557EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/04/04 5:31 a.m.7 views

CVE-2025-30370

A flaw was found in jupyterlab-git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions. If a user starts jupyter-lab in a pare...

7.4CVSS8.3AI score0.00557EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2025/04/03 10:0 p.m.9 views

elyra (>=4.0.0rc0 <=4.0.0rc4), elyra-code-snippet-extension (>=3.0.0rc3 <=4.0.0rc2) +12 more potentially affected by CVE-2025-30370 via jupyterlab-git (>=0.24.0 <=0.50.2)

jupyterlab-git PYPI version =0.24.0, =4.0.0rc0, =3.0.0rc3, =3.14.0, =3.0.0rc3, =3.0.0rc3, =3.0.0rc3, =3.14.0, =4.0.0rc0, =0.4.0, =2.1.0, =0.1.30, =1.3.19, =3.16.1, =0.1.0, =0.2.9 Source cves: CVE-2025-30370 Source advisory: SNYK:PYTHON-JUPYTERLABGIT-9667341...

7.4CVSS7.1AI score0.00557EPSS
Exploits0
Cvelist
Cvelist
added 2025/04/03 10:0 p.m.18 views

CVE-2025-30370 jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"

jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions. If...

7.4CVSS0.00557EPSS
Exploits0References4
Snyk
Snyk
added 2025/04/03 10:0 p.m.6 views

Command Injection

Overview jupyterlab-git is an A JupyterLab extension for version control using git Affected versions of this package are vulnerable to Command Injection in the addCommands function, which executes a cd command on the input passed in to the "Open Git Repository in Terminal" interface. If a user wi...

7.4CVSS7.2AI score0.00557EPSS
Exploits0References2
CVE
CVE
added 2025/04/03 10:0 p.m.54 views

CVE-2025-30370

CVE-2025-30370 affects the jupyterlab-git JupyterLab extension. When a user opens a repository whose directory name contains a shell command substitution (e.g., $()) and selects “Git &gt; Open Git Repository in Terminal,” the extension previously executed a shell command via a cd to the repositor...

7.4CVSS7.3AI score0.00557EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/04/03 12:0 a.m.5 views

jupyterlab-git 安全漏洞

jupyterlab-git is an open source Git extension for JupyterLab. A security vulnerability exists in jupyterlab-git that stems from a command injection that can be caused when a command substitution string is included in a directory name...

7.4CVSS7.6AI score0.00557EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/03 12:0 a.m.6 views

PT-2025-14811

Name of the Vulnerable Software and Affected Versions jupyterlab-git versions prior to 0.51.1 Description The issue arises when a user opens a maliciously named Git repository in jupyterlab-git and clicks "Git Open Git Repository in Terminal" from the menu bar. This action can lead to the executi...

7.4CVSS7.2AI score0.00557EPSS
Exploits0References17
Rows per page
Query Builder