Jupyter notebook is vulnerable to cross-site request forgery (CSRF) attacks. It does not properly check the CSRF token and set authorization header. Attackers could create untitled files and start kernels (no remote execution or modification of existing files) for users of certain browsers (Firefox, Internet Explorer/Edge).