12 matches found
GHSA-CJ5W-8MJF-R5F8 jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"
Overview On many platforms, a third party can create a Git repository under a name that includes a shell command substitution ^1 string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions ^2. If a user starts jupyter-lab in a parent directory of this...
jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"
Overview On many platforms, a third party can create a Git repository under a name that includes a shell command substitution ^1 string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions ^2. If a user starts jupyter-lab in a parent directory of this...
elyra (>=4.0.0rc0 <=4.0.0rc4), elyra-code-snippet-extension (>=3.0.0rc3 <=4.0.0rc2) +12 more potentially affected by CVE-2025-30370 via jupyterlab-git (>=0.24.0 <=0.50.2)
jupyterlab-git PYPI version =0.24.0, =4.0.0rc0, =3.0.0rc3, =3.14.0, =3.0.0rc3, =3.0.0rc3, =3.0.0rc3, =3.14.0, =4.0.0rc0, =0.4.0, =2.1.0, =0.1.30, =1.3.19, =3.16.1, =0.1.0, =0.2.9 Source cves: CVE-2025-30370 Source advisory: OSV:GHSA-CJ5W-8MJF-R5F8...
CVE-2025-30370
A flaw was found in jupyterlab-git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions. If a user starts jupyter-lab in a pare...
Command Injection
Overview jupyterlab-git is a JupyterLab extension for version control using git. Affected versions of this package are vulnerable to Command Injection in the addCommands function, which executes a cd command on the input passed in to the "Open Git Repository in Terminal" interface. If a user wi...
CVE-2025-30370 jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"
jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions. If...
CVE-2025-30370
CVE-2025-30370 affects the jupyterlab-git JupyterLab extension. When a user opens a repository whose directory name contains a shell command substitution (e.g., $()) and selects “Git > Open Git Repository in Terminal,” the extension previously executed a shell command via a cd to the repositor...
elyra (>=4.0.0rc0 <=4.0.0rc4), elyra-code-snippet-extension (>=3.0.0rc3 <=4.0.0rc2) +12 more potentially affected by CVE-2025-30370 via jupyterlab-git (>=0.24.0 <=0.50.2)
jupyterlab-git PYPI version =0.24.0, =4.0.0rc0, =3.0.0rc3, =3.14.0, =3.0.0rc3, =3.0.0rc3, =3.0.0rc3, =3.14.0, =4.0.0rc0, =0.4.0, =2.1.0, =0.1.30, =1.3.19, =3.16.1, =0.1.0, =0.2.9 Source cves: CVE-2025-30370 Source advisory: SNYK:PYTHON-JUPYTERLABGIT-9667341...
PT-2025-14811 · Unknown · Jupyterlab-Git
Name of the Vulnerable Software and Affected Versions: jupyterlab-git versions prior to 0.51.1 Description: The issue arises when a user opens a maliciously named Git repository in jupyterlab-git and clicks "Git > Open Git Repository in Terminal" from the menu bar. This action can lead to the...
jupyterlab-git security vulnerability
jupyterlab-git is an open source Git extension for JupyterLab. A security vulnerability exists in jupyterlab-git that stems from a command injection that can be caused when a command substitution string is included in a directory name...
jupyterlab-git (>=0.30.0b1 <=0.30.0b3) potentially affected by CVE-2021-41134 via nbdime (=3.0.0)
nbdime PYPI version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on nbdime and may be impacted: - jupyterlab-git =0.30.0b1, =0.30.0b3 Source cves: CVE-2021-41134 Source advisory: OSV:GHSA-P6RW-44Q7-3FW4...
jupyterlab-git (>=0.30.0b1 <=0.30.0b3) potentially affected by CVE-2021-41134 via nbdime (=3.0.0)
nbdime PYPI version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on nbdime and may be impacted: - jupyterlab-git =0.30.0b1, =0.30.0b3 Source cves: CVE-2021-41134 Source advisory: OSV:PYSEC-2021-428...