jupyter-server-proxy@1.0b7 vulnerabilities
A Jupyter server extension to run additional processes and proxy to them. It comes bundled with a JupyterLab extension to launch pre-defined processes.
- latest version: 4.1.2
- latest non vulnerable version
- first published: 5 years ago
- latest version published: 2 months ago
- licenses detected
  - [0,)
Direct Vulnerabilities
Known vulnerabilities in the jupyter-server-proxy package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
jupyter-server-proxy is a Jupyter server extension to supervise and proxy web services. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to improper authentication checks when proxying websockets. This vulnerability allows unauthenticated remote access to any websocket endpoint configured to be accessible via the package. In many instances, this could lead to remote unauthenticated arbitrary code execution, depending on how the affected instances utilize websockets. Note: The websocket endpoints exposed by How to fix Missing Authentication for Critical Function? Upgrade | [,3.2.3) [4.0.0,4.1.1) |
jupyter-server-proxy is a Jupyter server extension to supervise and proxy web services. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to lack of input validation, which allows authenticated clients to proxy requests to other hosts, bypassing the How to fix Server-side Request Forgery (SSRF)? Upgrade | [,3.2.1) |