CVSS3: 8.8 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.005 Low (Percentile: 75.6%)

Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in jupyter_core that stems from jupyter_core executing untrusted files in the current working directory (CWD). This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds.

OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | jupyter-core | < 4.4.0-2ubuntu0.1~esm1 | UNKNOWN |
ubuntu | 20.04 | noarch | jupyter-core | < 4.6.3-3ubuntu0.1~esm1 | UNKNOWN |
ubuntu | 22.04 | noarch | jupyter-core | < 4.9.1-1ubuntu0.1~esm1 | UNKNOWN |
ubuntu | 22.10 | noarch | jupyter-core | < 4.11.1-1ubuntu0.22.10.1 | UNKNOWN |
github.com/jupyter/jupyter_core/commit/1118c8ce01800cb689d51f655f5ccef19516e283
github.com/jupyter/jupyter_core/security/advisories/GHSA-m678-f26j-3hrp
launchpad.net/bugs/cve/CVE-2022-39286
nvd.nist.gov/vuln/detail/CVE-2022-39286
security-tracker.debian.org/tracker/CVE-2022-39286
ubuntu.com/security/notices/USN-6153-1
www.cve.org/CVERecord?id=CVE-2022-39286