jupyter-server@1.6.4 vulnerabilities
The backend—i.e. core services, APIs, and REST endpoints—to Jupyter web applications.
-
latest version
2.14.0
-
latest non vulnerable version
-
first published
6 years ago
-
latest version published
a month ago
-
licenses detected
- [0.0.0,2.0.0a1)
Direct Vulnerabilities
Known vulnerabilities in the jupyter-server package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information. When handling API requests from an authenticated user, unhandled errors include traceback information, which can reveal path information. The revealed paths are not considered particularly sensitive, given that the requesting user has arbitrary execution permissions already in the same environment. How to fix Generation of Error Message Containing Sensitive Information? Upgrade |
[,2.11.2)
|
Affected versions of this package are vulnerable to Open Redirect via maliciously crafted login links, which allows an attacker to redirect a successful login or an already logged-in session to arbitrary sites. How to fix Open Redirect? Upgrade |
[,2.7.2)
|
Affected versions of this package are vulnerable to Access Control Bypass via the Note: This is due to an incomplete fix of CVE-2019-9644 How to fix Access Control Bypass? Upgrade |
[,2.7.2)
|
Affected versions of this package are vulnerable to Information Exposure when the notebook server is started with a value of How to fix Information Exposure? Upgrade |
[,1.17.1)
|
Affected versions of this package are vulnerable to Information Exposure by logging the authentication cookie and other header values every time a 5xx error is triggered, by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. How to fix Information Exposure? Upgrade |
[,1.15.4)
|