SUSE CVE-2023-40170

jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on /files/ URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit 87a49272728 which h...

PYSEC-2023-157

jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on /files/ URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit 87a49272728 which h...

GHSA-V7VQ-3X77-87VG Token bruteforcing.

Impact What kind of vulnerability is it? Who is impacted? Authenticated requests to the notebook server with ContentsManager.allowhidden = False only prevented listing the contents of hidden directories, not accessing individual hidden files or files in hidden directories i.e. hidden files were...

PYSEC-2022-212

Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with ContentsManager.allowhidden = False only prevented listing the contents of hidden directories, not accessing individual hidden files or files...

PT-2022-19488 · Unknown +3 · Jupyter Notebook +3

Name of the Vulnerable Software and Affected Versions: Jupyter Notebook versions prior to 6.4.12 Description: The issue concerns Jupyter Notebook, a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with...