311 matches found
Exploit for Cross-Site Request Forgery (CSRF) in Jupyter Jupyterhub
CVE-2026-40864 — JupyterHub XSRF bypass via cross-origin form...
CLEANSTART-2026-MJ28981 Security fixes for CVE-2026-42304, CVE-2026-44307, CVE-2026-48522, CVE-2026-48523, CVE-2026-48524, CVE-2026-48525, CVE-2026-48526, ghsa-2h4p-vjrc-8xpq, ghsa-grgv-6hw6-v9g4 applied in versions: 4.3.5-r0, 4.3.5-r1
Multiple security vulnerabilities affect the jupyterhub-k8s-hub package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-40864 vulnerabilities
Vulnerabilities for packages: py3-jupyterhub...
GHSA-M68R-V472-JGQ9 vulnerabilities
Vulnerabilities for packages: py3-jupyterhub...
GHSA-M68R-V472-JGQ9 vulnerabilities
Vulnerabilities for packages: py3-jupyterhub...
CVE-2026-40864 vulnerabilities
Vulnerabilities for packages: py3-jupyterhub...
Linux Distros Unpatched Vulnerability : CVE-2026-40864
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0...
DEBIAN-CVE-2026-40864
JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...
CVE-2026-40864
JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...
UBUNTU-CVE-2026-40864
JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...
CVE-2026-40864
JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...
CVE-2026-40864 JupyterHub: Cross-origin form POSTs bypass XSRF
JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...
EUVD-2026-31499
JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...
CVE-2026-40864 JupyterHub: Cross-origin form POSTs bypass XSRF
JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...
CVE-2026-40864
JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...
CVE-2026-40864
JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...
CVE-2026-40864
Affected software: JupyterHub (versions 4.1.0–5.4.4). Vulnerability: Cross-origin form POSTs bypass XSRF because XSRF protection treated requests with Sec-Fetch-Mode: no-cors as same-origin, affecting HTTP form endpoints (e.g., /hub/spawn, /hub/accept-share). The JSON API is not affected. Impact ...
JupyterHub 跨站请求伪造漏洞
JupyterHub is an open-source service designed for multi-user environments using Jupyter. Versions 4.1.0 to 5.4.4 of JupyterHub contain a cross-site request forgeing vulnerability. This vulnerability arises from the improper handling of XSRF protections, which mistakenly treat requests with the...
CLEANSTART-2026-CR27895 Security fixes for CVE-2026-42304, CVE-2026-44307, ghsa-2h4p-vjrc-8xpq, ghsa-grgv-6hw6-v9g4 applied in versions: 4.3.5-r0
Multiple security vulnerabilities affect the jupyterhub-k8s-hub package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-UO66475 Security fixes for CVE-2026-42304, CVE-2026-44307, ghsa-2h4p-vjrc-8xpq, ghsa-grgv-6hw6-v9g4 applied in versions: 5.4.6-r0
Multiple security vulnerabilities affect the py3-jupyterhub package. These issues are resolved in later releases. See references for individual vulnerability details...