5 matches found
CVE-2026-44181
Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. In versions 2.0.0rc2 and above, prior to 3.3.0, the environment variables KERNELXXX used during the rendering of the Kubernetes manifest are vulnerable ...
CVE-2026-44182
CVE-2026-44182 affects Jupyter Enterprise Gateway before v3.3.0, where untrusted environment variables (KERNEL_XXX) are interpolated into Kubernetes manifests via a Jinja2 template without YAML-aware escaping. This YAML-injection can overwrite keys like securityContext, inject multi-document YAML...
CVE-2026-44181
This CVE (CVE-2026-44181) affects Jupyter Enterprise Gateway (versions 2.0.0rc2–
Jupyter Enterprise Gateway: Kubernetes Manifest Injection in Jinja2 Template Rendering
Summary The environment variables used during the rendering of the Kubernetes manifest allow YAML injection, enabling attackers to overwrite existing keys like securityContext and inject multi-document YAML to create additional unintended Kubernetes resources. Details The server interpolates...
GHSA-F49J-V924-FX9W Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection resulting in Remote Code Execution
Summary The environment variables KERNELXXX used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection SSTI. By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise Gateway service. The code can...