85 matches found
CVE-2022-21697
Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). Any user deploying Jupyter Server or Notebook with jupyter-proxy-server extension enabled is affected. A lack of...
CVE-2021-40173
Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings...
SUSE CVE-2024-36468
The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. This issue occurs when copying data from session-securityEngineID to localrecord.engineid without proper bounds checking...
CVE-2024-36468 Stack buffer overflow in zbx_snmp_cache_handle_engineid
The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. This issue occurs when copying data from session-securityEngineID to localrecord.engineid without proper bounds checking...
Reflected Cross-site Scripting (XSS)
jupyter-server-proxy is vulnerable to Reflected Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the host value in the /proxy endpoint, allowing an attacker to send a phishing link with custom JavaScript that runs when the user clicks the link, potentially granting...
PYSEC-2024-236
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path segmen...
lftakakura-mage-ai (=0.9.37a1), mage-ai (>=0.0.6 <=0.9.72) potentially affected by CVE-2024-35225 via jupyter-server-proxy (>=3.2.1 <=3.2.3)
jupyter-server-proxy PYPI version =3.2.1, =0.0.6, =0.9.72 Source cves: CVE-2024-35225 Source advisory: OSV:PYSEC-2024-236...
CVE-2024-35225
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path segmen...
CVE-2024-35225 Jupyter Server Proxy has a reflected XSS issue in host parameter
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path segmen...
CVE-2024-35225
Jupyter Server Proxy (jupyter-server-proxy) has a reflected XSS in the host parameter of the /proxy endpoint. Affected versions: 3.x prior to 3.2.4 and 4.x prior to 4.2.0. The issue occurs when an invalid host value is echoed back, enabling a phishing link to execute arbitrary JavaScript in a use...
lftakakura-mage-ai (=0.9.37a1), mage-ai (>=0.0.6 <=0.9.72) potentially affected by CVE-2024-35225 via jupyter-server-proxy (>=3.2.1 <=3.2.3)
jupyter-server-proxy PYPI version =3.2.1, =0.0.6, =0.9.72 Source cves: CVE-2024-35225 Source advisory: OSV:GHSA-FVCQ-4X64-HQXR...
pydisconet (=0.1.0) potentially affected by CVE-2024-35225 via jupyter-server-proxy (=4.1.0)
jupyter-server-proxy PYPI version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on jupyter-server-proxy and may be impacted: - pydisconet =0.1.0 Source cves: CVE-2024-35225 Source advisory: OSV:GHSA-FVCQ-4X64-HQXR...
GHSA-FVCQ-4X64-HQXR Jupyter Server Proxy has a reflected XSS issue in host parameter
Impact: There is a reflected cross-site scripting (XSS) issue in jupyter-server-proxy. The /proxy endpoint accepts a host path segment in the format /proxy/. When this endpoint is called with an invalid host value, jupyter-server-proxy replies with a response that includes the value of host, withou...
Jupyter Server Proxy has a reflected XSS issue in host parameter
Impact: There is a reflected cross-site scripting (XSS) issue in jupyter-server-proxy. The /proxy endpoint accepts a host path segment in the format /proxy/. When this endpoint is called with an invalid host value, jupyter-server-proxy replies with a response that includes the value of host, withou...
Jupyter Server Proxy Security Vulnerability
Jupyter Server Proxy is an open source library from JupyterHub that allows arbitrary external processes to be run alongside a notebook server. A security vulnerability exists in Jupyter Server Proxy versions prior to 3.2.4 and versions prior to 4.2.0, which stems from a vulnerability that allows users to run...
CVE-2024-32017 Buffer overflows in RIOT
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The size check in the gcoapdnsserverproxyget function contains a small typo that may lead to a buffer overflow in the subsequent strcpy. In detail, t...
[SECURITY] Fedora 38 Update: nghttp2-1.52.0-3.fc38
This package contains the HTTP/2 client, server and proxy programs...