Lucene search

Veracode Vulnerability DatabaseVERACODE:45091

HistoryJan 19, 2024 - 2:30 p.m.

Path Traversal

2024-01-1914:30:05

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

vulnerability

path traversal

file system

access control

jupyter-lsp

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.4%

JSON

jupyter_lsp is vulnerable to Path Traversal. The vulnerability due to Installations of jupyter-lsp running in environments without configured file system access control. This flaw allows an attacker to modify the jupyter root directory.

CPENameOperatorVersion
jupyter-lsple2.2.1
jupyter-lsple2.2.1

CPE	Name	Operator	Version
	jupyter-lsp	le	2.2.1
	jupyter-lsp	le	2.2.1

References

github.com/advisories/GHSA-4qhp-652w-c22x

github.com/jupyter-lsp/jupyterlab-lsp/commit/4ad12f204ad0b85580fc32137c647baaff044e95

github.com/jupyter-lsp/jupyterlab-lsp/releases/tag/v5.0.2

github.com/jupyter-lsp/jupyterlab-lsp/security/advisories/GHSA-4qhp-652w-c22x

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.4%

JSON

Related for VERACODE:45091