Lucene search
K

5 matches found

Debian CVE
Debian CVE
added 2026/05/22 8:13 p.m.8 views

CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

5.4CVSS5.8AI score0.00159EPSS
Exploits1
OSV
OSV
added 2026/05/05 6:10 p.m.4 views

GHSA-M68R-V472-JGQ9 JupyterHub has cross-origin form POSTs bypass XSRF (CWE-352)

Summary JupyterHub's XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, which they are not, bypassing XSRF checks. The JSON API is not affected, only HTTP form endpoints, such as /hub/spawn and /hub/accept-share, meaning attacke...

5.4CVSS5.8AI score0.00159EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:14 a.m.6 views

SUSE CVE-2015-7215

The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure...

5CVSS6.3AI score0.02529EPSS
Exploits0References4
Prion
Prion
added 2015/12/16 11:59 a.m.23 views

Information disclosure

The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure...

5CVSS6.7AI score0.02529EPSS
Exploits0References14Affected Software4
UbuntuCve
UbuntuCve
added 2015/12/15 12:0 a.m.31 views

CVE-2015-7215

The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure...

5CVSS6.9AI score0.02529EPSS
Exploits0References3
Rows per page
Query Builder