Lucene search
+L

9 matches found

RedhatCVE
RedhatCVE
added 2026/07/10 7:9 a.m.8 views

CVE-2026-54528

A flaw was found in JupyterLab Git, a Git extension for JupyterLab. This vulnerability allows an authenticated user on a case-insensitive filesystem to bypass administrator-configured excluded paths by varying the case of the URL path segment. This bypass enables the user to read file content, vi...

7.1CVSS6AI score0.00301EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/07/08 9:4 p.m.34 views

CVE-2026-54528 jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories

JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.fnmatchcase in GitHandler.prepare in jupyterlabgit/handlers.py to enforce excludedpaths, allowing an authenticated user on a case-insensitive filesystem to vary URL path casing and read excluded...

7.1CVSS0.00301EPSS
Exploits1References3
CVE
CVE
added 2026/07/08 9:4 p.m.27 views

CVE-2026-54528

Summary of vulnerability (CVE-2026-54528): The jupyterlab-git extension for JupyterLab is affected prior to version 0.54.0. On case-insensitive filesystems (e.g., macOS APFS, Windows NTFS), the code path that enforces excluded_paths uses fnmatch.fnmatchcase(), which is case-sensitive and can be b...

7.1CVSS6AI score0.00301EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/06/19 7:36 p.m.10 views

GHSA-436Q-JWFR-RM2H jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories

Summary jupyterlab-git 0.53.0 latest, 2026-04-30 uses fnmatch.fnmatchcase in GitHandler.prepare jupyterlabgit/handlers.py:91 to enforce the admin-configured excludedpaths security control. Because fnmatchcase is unconditionally case-sensitive, an authenticated user on a case-insensitive filesyste...

7.1CVSS6AI score0.00301EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/19 7:36 p.m.12 views

jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories

Summary jupyterlab-git 0.53.0 latest, 2026-04-30 uses fnmatch.fnmatchcase in GitHandler.prepare jupyterlabgit/handlers.py:91 to enforce the admin-configured excludedpaths security control. Because fnmatchcase is unconditionally case-sensitive, an authenticated user on a case-insensitive filesyste...

7.1CVSS6AI score0.00301EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.40 views

PT-2026-51066

Name of the Vulnerable Software and Affected Versions jupyterlab-git versions prior to 0.54.0 Description An authenticated user on a case-insensitive filesystem such as macOS APFS or Windows NTFS can bypass the excluded paths security control. The issue occurs because the GitHandler.prepare...

7.1CVSS6.1AI score0.00301EPSS
Exploits1References12
NVD
NVD
added 2025/12/18 9:15 p.m.6 views

CVE-2025-62001

BullWall Ransomware Containment supports configurable file and directory exclusions such as '$RECYCLE.BIN' to balance monitoring scope and performance. Certain exclusion patterns could allow an authenticated attacker to rename directories in a way that avoids monitoring. Fixed in 4.6.1.14 and...

8.8CVSS0.00331EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.6 views

PT-2025-52339

Name of the Vulnerable Software and Affected Versions BullWall Ransomware Containment versions 4.6.0.0 through 4.6.1.4 Description BullWall Ransomware Containment does not monitor certain file paths, such as $recycle.bin. An attacker with file write permissions could bypass detection by renaming ...

8.8CVSS6.6AI score0.00331EPSS
Exploits0References10
Kitploit
Kitploit
added 2023/11/22 11:30 a.m.40 views

Deepsecrets - Secrets Scanner That Understands Code

Yet another tool - why? Existing tools don't really "understand" code. Instead, they mostly parse texts. DeepSecrets expands classic regex-search approaches with semantic analysis, dangerous variable detection, and more efficient usage of entropy analysis. Code understanding supports 500+ languag...

7.2AI score
Exploits0References2
Rows per page
Query Builder