1255 matches found
CVE-2022-24758
The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by...
CVE-2022-24758 Insertion of Sensitive Information into Log File affects Jupyter Notebook
The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by...
CVE-2022-24758
CVE-2022-24758 affects Jupyter Notebook. The issue arises from logging: when a 5xx error occurs, auth cookies and other header values are recorded in server logs, potentially exposing sensitive information to anyone with log access. This vulnerability is described as affecting Jupyter Notebook pr...
Jupyter Notebook Log Information Disclosure Vulnerability
Jupyter Notebook is a suite of open source web applications for creating and sharing code and illustrative text documents. A log information disclosure vulnerability exists in Jupyter Notebook versions prior to 6.4.9, which stems from an unauthorized participant being able to access sensitive...
PT-2022-16860 · Unknown +3 · Jupyter Notebook +3
Name of the Vulnerable Software and Affected Versions: Jupyter notebook versions prior to 6.4.9. Description: The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a...
Authentication flaw
Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover...
Zepl Notebook Security Vulnerability
Zepl Notebook is a web-based notebook for interactive data analysis provided by Zepl, a United States company. It is used to make data-driven, interactive and collaborative documents. A security...
Zepl Notebook Security Vulnerability
Zepl Notebook is a web-based notebook for interactive data analysis provided by Zepl, a United States company. It is used to make data-driven, interactive and collaborative documents. Zepl Notebook has a...
Zepl Notebook Sandbox Escape Vulnerability
Exploit Title: Zepl Notebook - Sandbox Escape; Vendor Homepage: https://zepl.com/; Software Link: https://app.zepl.com/; Version: Affects all versions of the product up to the date of this submission; Tested on: The issue affects all versions of the product up to the date of this submission; Exploit...
Lenovo Notebook Input Validation Error Vulnerability
Lenovo Notebook is a laptop computer from Lenovo, a Chinese company. The Lenovo Notebook suffers from an input validation error vulnerability that stems from a potential security flaw in the BIOS firmware of Intel processors. An attacker could exploit the vulnerability to cause privilege...
CVE-2021-43635
A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via the Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file...
Cross site scripting
A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via the Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file...
Codex Cross-Site Scripting Vulnerability
Codex is a free notebook software for programmers and computer science majors from the US-based individual developer Josh Vickery. A cross-site scripting vulnerability exists in Codex versions prior to 1.4.0, which stems from a lack of effective filtering and escaping of the Name field of...
Mageia: Security Advisory (MGASA-2018-0182)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2020-0457)
The remote host is missing an update for the...
GHSA-GCV9-6737-PJQW SSRF vulnerability in jupyter-server-proxy
Impact: What kind of vulnerability is it? Server-Side Request Forgery (SSRF). Who is impacted? Any user deploying Jupyter Server or Notebook with jupyter-proxy-server extension enabled. A lack of input validation allowed authenticated clients to proxy requests to other hosts, bypassing the allowedhos...
Security Bulletin: IBM i2 Analyze and IBM i2 Analyst's Notebook Premium are affected by Apache Log4j Vulnerabilities (CVE-2021-45105 and CVE-2021-45046)
Summary: Apache Log4j is used by IBM i2 Analyze for general purpose and application error logging. It is also used in IBM i2 Analyst's Notebook Premium when the chart store is deployed. This bulletin addresses the vulnerabilities for the reported CVE-2021-45105 and CVE-2021-45046. The below fix...