38 matches found
GHSA-F49J-V924-FX9W Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection resulting in Remote Code Execution
Summary The environment variables KERNELXXX used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection (SSTI). By including Jinja2 template expressions it is possible to execute Python code and OS commands in the Enterprise Gateway service. The code can...
Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass
Summary Jupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 (root). This can be bypassed. It is possible to launch kernels with a prohibited UID and/or GID by using a specially crafted KERNEL_UID or KERNEL_GID value. The feature...
CVE-2026-44181
creationtimestamp | type | source
---|---|---
2026-06-03 03:02:38+00:00 | published-proof-of-concept | https://github.com/jupyter-server/enterprisegateway/security/advisories/GHSA-f49j-v924-fx9w...
CVE-2026-44182
creationtimestamp | type | source
---|---|---
2026-06-03 02:54:53+00:00 | published-proof-of-concept | https://github.com/jupyter-server/enterprisegateway/security/advisories/GHSA-cfw7-6c5v-2wjq...
CVE-2026-44180
creationtimestamp | type | source
---|---|---
2026-06-03 02:54:32+00:00 | published-proof-of-concept | https://github.com/jupyter-server/enterprisegateway/security/advisories/GHSA-chq7-94j8-cj28...
PT-2026-46124
Summary Jupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 (root). This can be bypassed. It is possible to launch kernels with a prohibited UID and/or GID by using a specially crafted KERNEL_UID or KERNEL_GID value. The featu...
MAL-2026-3255 Malicious code in @enterprise-core/auth-gateway-bridge (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...
EUVD-2019-19062
Malware in sbrugna...
CVE-2023-22595
IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
Security Bulletin: IBM MaaS360 Cloud Extender Agent, Configuration Utility and Mobile Enterprise Gateway (MEG) affected by multiple vulnerabilities (CVE-2024-21907, CVE-2023-39017, CVE-2024-40642, CVE-2015-2325)
Summary Vulnerabilities contained within newtonsoft.json 3rd party components were addressed in the IBM MaaS360 Cloud Extender Agent, Configuration Utility. Vulnerabilities contained within Netty 3rd party components were addressed in the IBM MaaS360 Mobile Enterprise Gateway (MEG) Module...
Security Bulletin: IBM MaaS360 Mobile Enterprise Gateway and VPN Module affected by multiple vulnerabilities
Summary A vulnerability contained within OpenSSL was addressed in the IBM MaaS360 Cloud Extender VPN Module. Vulnerabilities contained within Spring Framework and Eclipse Jetty, a 3rd party component, were addressed in the IBM MaaS360 Mobile Enterprise Gateway (MEG). Vulnerability Details...
PT-2023-19848 · Ibm · Ibm B2B Advanced Communications +1
Name of the Vulnerable Software and Affected Versions: IBM B2B Advanced Communications version 1.0.0.0 IBM Multi-Enterprise Integration Gateway version 1.0.0.1 Description: The issue allows a user to cause a denial of service due to the deserializing of untrusted serialized Java objects...
Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway, Configuration Utility, VPN, Certificate and Base Module affected by multiple vulnerabilities
Summary Vulnerabilities contained within libcurl, a 3rd party component, and OpenSSL were addressed in the IBM MaaS360 Cloud Extender Agent, Configuration Utility, Certificate, VPN and Base Modules. Vulnerabilities contained within Netty, a 3rd party component, were addressed in the IBM MaaS360 Mobi...
Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN module have multiple vulnerabilities (CVE-2021-22060, CVE-2022-22950, CVE-2022-0547, CVE-2022-0778, CVE-2022-22965)
Summary Vulnerabilities contained within 3rd party components were identified and remediated in the IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and MaaS360 VPN module. Vulnerability Details CVEID: CVE-2021-22060 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote...
Security Bulletin: IBM MaaS360 Cloud Extender Configuration Utility and Mobile Enterprise Gateway have vulnerability (CVE-2021-43797)
Summary A vulnerability contained within a 3rd party component was identified and remediated in the IBM MaaS360 Mobile Enterprise Gateway and MaaS360 Cloud Extender Configuration Utility module. Vulnerability Details CVEID: CVE-2021-43797 DESCRIPTION: Netty is vulnerable to HTTP request smuggling...
CVE-2022-27983
RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain an arbitrary file read vulnerability via the url parameter in check.php...
CVE-2022-27982
RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vulnerability via the fileName parameter at /guest_auth/cfg/upLoadCfg.php...
CVE-2022-27983
The CVE-2022-27983 entry concerns RG-NBR-E Enterprise Gateway RG-NBR2100G-E, which contains an arbitrary file read vulnerability in the check.php URL parameter. The issue’s root cause is not fully detailed beyond this file-read flaw, and the connected sources confirm the affected product and vuln...
CVE-2022-27982
CVE-2022-27982 affects the RG-NBR-E Enterprise Gateway RG-NBR2100G-E. A remote code execution (RCE) vulnerability is exposed via the fileName parameter in /guest_auth/cfg/upLoadCfg.php. The NVD entry lists a high/critical impact in CVSS v2/v3 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; base scores 7.5/...
RG-NBR-E Enterprise Gateway RG-NBR2100G-E Security Vulnerability
RG-NBR-E Enterprise Gateway RG-NBR2100G-E is an enterprise gateway. A security vulnerability exists in the RG-NBR-E Enterprise Gateway RG-NBR2100G-E, which originates from an arbitrary file read vulnerability via the url parameter in check.php...