jupyter-server-proxy@1.0b9 vulnerabilities

A Jupyter server extension to run additional processes and proxy to them, bundled with a JupyterLab extension to launch pre-defined processes.

  • latest version: 4.4.0

  • latest non vulnerable version:

  • first published: 6 years ago

  • latest version published: 10 months ago

  • licenses detected:

  • Direct Vulnerabilities

    Known vulnerabilities in the jupyter-server-proxy package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version

    • Severity: C (Critical)
    Missing Authentication for Critical Function

    jupyter-server-proxy is a Jupyter server extension to supervise and proxy web services

    Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to improper authentication checks when proxying websockets. This vulnerability allows unauthenticated remote access to any websocket endpoint configured to be accessible via the package. In many instances, this could lead to remote unauthenticated arbitrary code execution, depending on how the affected instances utilize websockets.

    Note: the websocket endpoints exposed by jupyter_server itself are not impacted, and projects that do not utilize websockets remain unaffected.

    How to fix Missing Authentication for Critical Function?

    Upgrade jupyter-server-proxy to version 3.2.3, 4.1.1 or higher.

    Vulnerable versions: [,3.2.3), [4.0.0,4.1.1)

    • Severity: M (Medium)
    Server-side Request Forgery (SSRF)

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to lack of input validation, which allows authenticated clients to proxy requests to other hosts, bypassing the allowed_hosts check.

    How to fix Server-side Request Forgery (SSRF)?

    Upgrade jupyter-server-proxy to version 3.2.1 or higher.

    Vulnerable versions: [,3.2.1)