Sensitive Information Disclosure
jupyterserver is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper path validation, which allows unauthenticated attackers to leak the NTLMv2 password hash of the Windows user running the server...
Information Disclosure
jupyterserver is vulnerable to Information Disclosure. An information disclosure flaw exists due to unhandled errors in API requests. While not directly allowing unauthorized access, these errors may leak sensitive path information in responses, potentially revealing sensitive server details to...
Authorization Bypass
jupyterserver is vulnerable to authorization bypass. The vulnerability exists in functions in filemanager.py and handlers.py because hidden files and directories are not properly checked, which allows an attacker to bypass and gain access to hidden files and modify sensitive information...
PYSEC-2020-50
The Jupyter Server provides the backend, i.e. the core services, APIs, and REST endpoints, for Jupyter web applications like Jupyter Notebook, JupyterLab, and Voila. In Jupyter Server before version 1.1.1, an open redirect vulnerability could cause the Jupyter server to redirect the browser to a...