Lucene search
K

29 matches found

RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-54528

A flaw was found in JupyterLab Git, a Git extension for JupyterLab. This vulnerability allows an authenticated user on a case-insensitive filesystem to bypass administrator-configured excluded paths by varying the case of the URL path segment. This bypass enables the user to read file content, vi...

7.1CVSS6AI score0.00285EPSS
Exploits0References6
NVD
NVD
added 6 days ago7 views

CVE-2026-54527

JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff.ts createHeader method passes Git filenames directly to innerHTML when rendering renamed files in commit history, allowing a crafted filename to execute JavaScript when a victim views the rename diff ...

9.3CVSS0.00284EPSS
Exploits1References3
NVD
NVD
added 6 days ago8 views

CVE-2026-54528

JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.fnmatchcase in GitHandler.prepare in jupyterlabgit/handlers.py to enforce excludedpaths, allowing an authenticated user on a case-insensitive filesystem to vary URL path casing and read excluded...

7.1CVSS0.00285EPSS
Exploits0References3
CVE
CVE
added 6 days ago26 views

CVE-2026-54528

Summary of vulnerability (CVE-2026-54528): The jupyterlab-git extension for JupyterLab is affected prior to version 0.54.0. On case-insensitive filesystems (e.g., macOS APFS, Windows NTFS), the code path that enforces excluded_paths uses fnmatch.fnmatchcase(), which is case-sensitive and can be b...

7.1CVSS6AI score0.00285EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-54528 jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories

JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.fnmatchcase in GitHandler.prepare in jupyterlabgit/handlers.py to enforce excludedpaths, allowing an authenticated user on a case-insensitive filesystem to vary URL path casing and read excluded...

7.1CVSS0.00285EPSS
Exploits0References3
CVE
CVE
added 6 days ago50 views

CVE-2026-54527

CVE-2026-54527 affects the jupyterlab-git extension. The PlainTextDiff.ts createHeader() renders renamed-file headers by directly inserting Git filenames into innerHTML, enabling stored XSS that can lead to remote code execution. Affected range is before 0.54.0, with fix released in 0.54.0. Explo...

9.3CVSS6AI score0.00284EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-54527 JupyterLab Git: Stored XSS leading to RCE

JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff.ts createHeader method passes Git filenames directly to innerHTML when rendering renamed files in commit history, allowing a crafted filename to execute JavaScript when a victim views the rename diff ...

9.3CVSS0.00284EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/19 7:36 p.m.5 views

Improper Handling of Case Sensitivity

Overview jupyterlab-git is an A JupyterLab extension for version control using git Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the prepare function due to improper enforcement of excluded directory paths on case-insensitive filesystems. An attacker...

7.1CVSS5.9AI score0.00285EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 7:36 p.m.9 views

GHSA-436Q-JWFR-RM2H jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories

Summary jupyterlab-git 0.53.0 latest, 2026-04-30 uses fnmatch.fnmatchcase in GitHandler.prepare jupyterlabgit/handlers.py:91 to enforce the admin-configured excludedpaths security control. Because fnmatchcase is unconditionally case-sensitive, an authenticated user on a case-insensitive filesyste...

7.1CVSS6AI score0.00285EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 7:36 p.m.11 views

jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories

Summary jupyterlab-git 0.53.0 latest, 2026-04-30 uses fnmatch.fnmatchcase in GitHandler.prepare jupyterlabgit/handlers.py:91 to enforce the admin-configured excludedpaths security control. Because fnmatchcase is unconditionally case-sensitive, an authenticated user on a case-insensitive filesyste...

7.1CVSS6AI score0.00285EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/19 7:36 p.m.8 views

Cross-site Scripting (XSS)

Overview @jupyterlab/git is an A JupyterLab extension for version control using git Affected versions of this package are vulnerable to Cross-site Scripting XSS in the createHeader method. An attacker can execute arbitrary JavaScript in another user's browser session by crafting a malicious...

9.3CVSS6AI score0.00284EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/19 7:36 p.m.9 views

jupyterlab-git extension: Stored XSS leading to RCE

Overview Amazon Web Services AWS Security has identified a stored cross-site scripting XSS issue in the jupyterlab-git JupyterLab extension that can lead to remote code execution RCE. The issue exists in the PlainTextDiff.ts component, where the createHeader method passes Git filenames directly t...

9.3CVSS6.7AI score0.00284EPSS
Exploits1References2Affected Software3
OSV
OSV
added 2026/06/19 7:36 p.m.8 views

GHSA-F962-V9HR-PFG5 jupyterlab-git extension: Stored XSS leading to RCE

Overview Amazon Web Services AWS Security has identified a stored cross-site scripting XSS issue in the jupyterlab-git JupyterLab extension that can lead to remote code execution RCE. The issue exists in the PlainTextDiff.ts component, where the createHeader method passes Git filenames directly t...

8.6CVSS6.7AI score0.00284EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.13 views

PT-2026-51065

Name of the Vulnerable Software and Affected Versions jupyterlab-git affected versions not specified Description A stored cross-site scripting XSS issue exists in the PlainTextDiff.ts component of the jupyterlab-git extension. The createHeader function passes Git filenames directly to innerHTML...

9.3CVSS6.6AI score0.00284EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.35 views

PT-2026-51066

Name of the Vulnerable Software and Affected Versions jupyterlab-git versions prior to 0.54.0 Description An authenticated user on a case-insensitive filesystem such as macOS APFS or Windows NTFS can bypass the excluded paths security control. The issue occurs because the GitHandler.prepare...

7.1CVSS6.1AI score0.00285EPSS
Exploits0References9
Circl
Circl
added 2026/06/18 7:12 a.m.9 views

CVE-2026-54528

creationtimestamp| type| source ---|---|--- 2026-06-18 07:12:50+00:00| published-proof-of-concept| https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-436q-jwfr-rm2h...

7.1CVSS5.8AI score0.00285EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/04/07 12:0 a.m.7 views

The vulnerability of the “Open Git Repository in Terminal” control element, a extension for the JupyterLab web-oriented interactive development environment, allows an attacker to gain access to and modify data, as well as execute arbitrary commands.

The vulnerability of the “Open Git Repository in Terminal” control element in the JupyterLab-Git web-oriented interactive development environment is related to the failure to implement measures to neutralize special elements used in the operating system command line. Exploiting this vulnerability...

7.4CVSS7.5AI score0.00557EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/04/04 2:5 p.m.22 views

jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"

Overview On many platforms, a third party can create a Git repository under a name that includes a shell command substitution ^1 string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions ^2. If a user starts jupyter-lab in a parent directory of this...

7.4CVSS8.2AI score0.00557EPSS
Exploits0References6Affected Software1
vulnersOsv
vulnersOsv
added 2025/04/04 2:5 p.m.11 views

elyra (>=4.0.0rc0 <=4.0.0rc4), elyra-code-snippet-extension (>=3.0.0rc3 <=4.0.0rc2) +12 more potentially affected by CVE-2025-30370 via jupyterlab-git (>=0.24.0 <=0.50.2)

jupyterlab-git PYPI version =0.24.0, =4.0.0rc0, =3.0.0rc3, =3.14.0, =3.0.0rc3, =3.0.0rc3, =3.0.0rc3, =3.14.0, =4.0.0rc0, =0.4.0, =2.1.0, =0.1.30, =1.3.19, =3.16.1, =0.1.0, =0.2.9 Source cves: CVE-2025-30370 Source advisory: OSV:GHSA-CJ5W-8MJF-R5F8...

7.4CVSS7.1AI score0.00557EPSS
Exploits0
OSV
OSV
added 2025/04/04 2:5 p.m.8 views

GHSA-CJ5W-8MJF-R5F8 jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"

Overview On many platforms, a third party can create a Git repository under a name that includes a shell command substitution ^1 string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions ^2. If a user starts jupyter-lab in a parent directory of this...

7.4CVSS8.2AI score0.00557EPSS
Exploits0References6
Rows per page
Query Builder