20 matches found
EUVD-2026-28464
A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...
CVE-2026-8034
A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...
CVE-2026-8034 Server-side request forgery vulnerability in GitHub Enterprise Server notebook viewer via URL parser confusion
A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...
CVE-2026-8034
A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...
CVE-2026-8034
CVE-2026-8034 is a server-side request forgery (SSRF) vulnerability in the GitHub Enterprise Server notebook viewer. The issue stems from URL parser confusion between the validation layer and the HTTP request library, where hostname validation uses a different parser than the request library, all...
CVE-2026-8034 Server-side request forgery vulnerability in GitHub Enterprise Server notebook viewer via URL parser confusion
A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...
PT-2026-38594
Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description A server-side request forgery SSRF issue exists in the notebook viewer. This occurs due to URL parser confusion between the validation layer and the HTTP request library, where the...
CVE-2026-5921
A server-side request forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was disabled, the notebo...
CVE-2026-5921 Server-Side Request Forgery in GitHub Enterprise Server allowed extraction of sensitive environment variables via timing side-channel attack
A server-side request forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was disabled, the notebo...
PT-2026-34213
Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description A server-side request forgery SSRF allows an attacker to extract sensitive environment variables from an instance via a timing side-channel attack against the notebook rendering...
Linux Distros Unpatched Vulnerability : CVE-2022-2428
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issu...
CVE-2023-51277
nbviewer-app aka Jupyter Notebook Viewer before 0.1.6 has the get-task-allow entitlement for release builds...
CVE-2023-51277
nbviewer-app aka Jupyter Notebook Viewer before 0.1.6 has the get-task-allow entitlement for release builds...
CVE-2023-51277
nbviewer-app aka Jupyter Notebook Viewer before 0.1.6 has the get-task-allow entitlement for release builds...
Design/Logic Flaw
nbviewer-app aka Jupyter Notebook Viewer before 0.1.6 has the get-task-allow entitlement for release builds...
CVE-2023-51277
CVE-2023-51277 affects nbviewer-app (Jupyter Notebook Viewer) prior to version 0.1.6, where the release build incorrectly included the get-task-allow entitlement. This misconfiguration can enable loading of untrusted code, with reported high impact on confidentiality, integrity, and availability....
CVE-2023-51277
nbviewer-app aka Jupyter Notebook Viewer before 0.1.6 has the get-task-allow entitlement for release builds...
CVE-2023-51277
nbviewer-app aka Jupyter Notebook Viewer before 0.1.6 has the get-task-allow entitlement for release builds...
Jupyter Notebook Viewer Security Vulnerability
Jupyter Notebook Viewer is a macOS application for viewing Jupyter/IPython notebooks. A security vulnerability exists in Jupyter Notebook Viewer prior to version 0.1.6, which stems from a problem with the get-task-allow function and can be exploited by an attacker to load untrusted code...
UBUNTU-CVE-2022-2428
A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests...