4 matches found
lftakakura-mage-ai (=0.9.37a1), mage-ai (>=0.0.6 <=0.9.72) potentially affected by CVE-2024-35225 via jupyter-server-proxy (>=3.2.1 <=3.2.3)
jupyter-server-proxy PYPI version =3.2.1, =0.0.6, =0.9.72 Source cves: CVE-2024-35225 Source advisory: OSV:PYSEC-2024-236...
CVE-2024-35225 Jupyter Server Proxy has a reflected XSS issue in host parameter
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting XSS issue. The /proxy endpoint accepts a host path segmen...
CVE-2024-35225 Jupyter Server Proxy has a reflected XSS issue in host parameter
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting XSS issue. The /proxy endpoint accepts a host path segmen...
lftakakura-mage-ai (=0.9.37a1), mage-ai (>=0.0.6 <=0.9.72) potentially affected by CVE-2024-35225 via jupyter-server-proxy (>=3.2.1 <=3.2.3)
jupyter-server-proxy PYPI version =3.2.1, =0.0.6, =0.9.72 Source cves: CVE-2024-35225 Source advisory: OSV:GHSA-FVCQ-4X64-HQXR...