13 matches found
A vulnerability in the “Open Git Repository in Terminal” control element, an extension for the JupyterLab web-oriented interactive development environment, allows an attacker to gain access to and modify data, as well as execute arbitrary commands.
The vulnerability in the “Open Git Repository in Terminal” control element of the JupyterLab-Git web-oriented interactive development environment stems from a failure to neutralize special elements used in the operating system command line. Exploiting this vulnerability...
elyra (>=4.0.0rc0 <=4.0.0rc4), elyra-code-snippet-extension (>=3.0.0rc3 <=4.0.0rc2) +12 more potentially affected by CVE-2025-30370 via jupyterlab-git (>=0.24.0 <=0.50.2)
jupyterlab-git PYPI version =0.24.0, =4.0.0rc0, =3.0.0rc3, =3.14.0, =3.0.0rc3, =3.0.0rc3, =3.0.0rc3, =3.14.0, =4.0.0rc0, =0.4.0, =2.1.0, =0.1.30, =1.3.19, =3.16.1, =0.1.0, =0.2.9 Source cves: CVE-2025-30370 Source advisory: OSV:GHSA-CJ5W-8MJF-R5F8...
jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"
Overview: On many platforms, a third party can create a Git repository under a name that includes a shell command substitution ^1 string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions ^2. If a user starts jupyter-lab in a parent directory of this...
GHSA-CJ5W-8MJF-R5F8 jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"
Overview: On many platforms, a third party can create a Git repository under a name that includes a shell command substitution ^1 string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions ^2. If a user starts jupyter-lab in a parent directory of this...
CVE-2025-30370
A flaw was found in jupyterlab-git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions. If a user starts jupyter-lab in a pare...
CVE-2025-30370 jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"
jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions. If...
CVE-2025-30370
CVE-2025-30370 affects the jupyterlab-git JupyterLab extension. When a user opens a repository whose directory name contains a shell command substitution (e.g., $()) and selects “Git > Open Git Repository in Terminal,” the extension previously executed a shell command via a cd to the repositor...
Command Injection
Overview: jupyterlab-git is a JupyterLab extension for version control using git. Affected versions of this package are vulnerable to Command Injection in the addCommands function, which executes a cd command on the input passed in to the "Open Git Repository in Terminal" interface. If a user wi...
elyra (>=4.0.0rc0 <=4.0.0rc4), elyra-code-snippet-extension (>=3.0.0rc3 <=4.0.0rc2) +12 more potentially affected by CVE-2025-30370 via jupyterlab-git (>=0.24.0 <=0.50.2)
jupyterlab-git PYPI version =0.24.0, =4.0.0rc0, =3.0.0rc3, =3.14.0, =3.0.0rc3, =3.0.0rc3, =3.0.0rc3, =3.14.0, =4.0.0rc0, =0.4.0, =2.1.0, =0.1.30, =1.3.19, =3.16.1, =0.1.0, =0.2.9 Source cves: CVE-2025-30370 Source advisory: SNYK:PYTHON-JUPYTERLABGIT-9667341...
PT-2025-14811 · Unknown · Jupyterlab-Git
Name of the Vulnerable Software and Affected Versions: jupyterlab-git versions prior to 0.51.1. Description: The issue arises when a user opens a maliciously named Git repository in jupyterlab-git and clicks "Git > Open Git Repository in Terminal" from the menu bar. This action can lead to the...
jupyterlab-git security vulnerability
jupyterlab-git is an open source Git extension for JupyterLab. A security vulnerability exists in jupyterlab-git that stems from a command injection that can be caused when a command substitution string is included in a directory name...
jupyterlab-git (>=0.30.0b1 <=0.30.0b3) potentially affected by CVE-2021-41134 via nbdime (=3.0.0)
nbdime PYPI version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on nbdime and may be impacted: - jupyterlab-git =0.30.0b1, =0.30.0b3 Source cves: CVE-2021-41134 Source advisory: OSV:GHSA-P6RW-44Q7-3FW4...
jupyterlab-git (>=0.30.0b1 <=0.30.0b3) potentially affected by CVE-2021-41134 via nbdime (=3.0.0)
nbdime PYPI version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on nbdime and may be impacted: - jupyterlab-git =0.30.0b1, =0.30.0b3 Source cves: CVE-2021-41134 Source advisory: OSV:PYSEC-2021-428...