85 matches found
grid2viz (>=1.1.0 <=1.3.1), trenchripper (>=0.1.4 <=0.2.1) potentially affected by CVE-2022-21697 via jupyter-server-proxy (>=1.3.2 <=1.6.0)
jupyter-server-proxy PYPI version =1.3.2, =1.1.0, =0.1.4, =0.2.1 Source cves: CVE-2022-21697 Source advisory: OSV:GHSA-GCV9-6737-PJQW...
SSRF vulnerability in jupyter-server-proxy
Impact. What kind of vulnerability is it? Server-Side Request Forgery (SSRF). Who is impacted? Any user deploying Jupyter Server or Notebook with jupyter-proxy-server extension enabled. A lack of input validation allowed authenticated clients to proxy requests to other hosts, bypassing the allowedhos...
Server-Side Request Forgery (SSRF)
jupyter-server-proxy is vulnerable to server-side request forgery. The vulnerability exists due to a lack of validation of the allowed_hosts allowing an attacker to bypass the authentication for terminal execution...
CVE-2022-21697
Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). Any user deploying Jupyter Server or Notebook with jupyter-proxy-server extension enabled is affected. A lack of...
PYSEC-2022-16
Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). Any user deploying Jupyter Server or Notebook with jupyter-proxy-server extension enabled is affected. A lack of...
grid2viz (>=1.1.0 <=1.3.1), trenchripper (>=0.1.4 <=0.2.1) potentially affected by CVE-2022-21697 via jupyter-server-proxy (>=1.3.2 <=1.6.0)
jupyter-server-proxy PYPI version =1.3.2, =1.1.0, =0.1.4, =0.2.1 Source cves: CVE-2022-21697 Source advisory: OSV:PYSEC-2022-16...
Server-side request forgery (SSRF)
Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). Any user deploying Jupyter Server or Notebook with jupyter-proxy-server extension enabled is affected. A lack of...
CVE-2022-21697 SSRF vulnerability (requires authentication)
Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). Any user deploying Jupyter Server or Notebook with jupyter-proxy-server extension enabled is affected. A lack of...
CVE-2022-21697
Jupyter Server Proxy (jupyter-proxy-server) is affected by an SSRF vulnerability in versions before 3.2.1. A lack of input validation allows authenticated users with the extension enabled to proxy requests to arbitrary hosts, bypassing the allowed_hosts check. The issue requires authentication, w...
Oracle HTTP Server (Oct 2021 CPU)
The 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0 versions of HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory. - Vulnerability in the Oracle WebLogic Server Proxy Plug-In product of Oracle Fusion Middleware component: SSL...
ZOHO ManageEngine Cloud Security Plus Code Injection Vulnerability
ZOHO ManageEngine Cloud Security Plus is a log management and monitoring tool for the public cloud platform from ZOHO, Inc. A code injection vulnerability exists in ZOHO ManageEngine Cloud Security Plus, which originates from Zoho ManageEngine Cloud Security Plus before Build 4117, which can be...
CVE-2021-40173
Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings...
Cross-site request forgery (CSRF)
Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings...
Moxa EDR-810 Information Disclosure Vulnerability
The EDR-810 is a highly integrated industrial multi-port security router with firewall/NAT/VPN and two-layer manageable switch functionality. An information disclosure vulnerability exists in the server proxy feature of the Moxa EDR-810 V4.1 build 17030317. An attacker can exploit this...
[SECURITY] Fedora 28 Update: nghttp2-1.31.1-1.fc28
This package contains the HTTP/2 client, server and proxy programs...
YaPiG 0.95b - Remote Code Execution
Portal: YaPIG 0.95b. Vendor: http://yapig.sourceforge.net. Author: Dj7xpl. We Are: Y4Ho0, Mr.Mithridates, Sir SiSiLi, System Failure, Satanic Soulfull, And Me. Home:...