jupyter-server-proxy@1.0 vulnerabilities

A Jupyter server extension to run additional processes and proxy to them, bundled with a JupyterLab extension for launching pre-defined processes.

Direct Vulnerabilities

Known vulnerabilities in the jupyter-server-proxy package. This does not include vulnerabilities belonging to this package’s dependencies.

Severity: Critical
Missing Authentication for Critical Function

jupyter-server-proxy is a Jupyter server extension to supervise and proxy web services

Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to improper authentication checks when proxying websockets. This vulnerability allows unauthenticated remote access to any websocket endpoint configured to be accessible via the package. In many instances, this could lead to remote unauthenticated arbitrary code execution, depending on how the affected instances utilize websockets.

Note: The websocket endpoints exposed by jupyter_server itself are not impacted, and projects that do not utilize websockets remain unaffected.

How to fix Missing Authentication for Critical Function?

Upgrade jupyter-server-proxy to version 3.2.3, 4.1.1 or higher.

Vulnerable versions: [,3.2.3), [4.0.0,4.1.1)
Severity: Medium
Server-side Request Forgery (SSRF)

jupyter-server-proxy is a Jupyter server extension to supervise and proxy web services

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to lack of input validation, which allows authenticated clients to proxy requests to other hosts, bypassing the allowed_hosts check.

How to fix Server-side Request Forgery (SSRF)?

Upgrade jupyter-server-proxy to version 3.2.1 or higher.

Vulnerable versions: [,3.2.1)