jupyter-server@2.6.0 vulnerabilities

The backend—i.e. core services, APIs, and REST endpoints—to Jupyter web applications.

Known vulnerabilities in the jupyter-server package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Generation of Error Message Containing Sensitive Information Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information. When handling API requests from an authenticated user, unhandled errors include traceback information, which can reveal path information. The revealed paths are not considered particularly sensitive, given that the requesting user has arbitrary execution permissions already in the same environment. How to fix Generation of Error Message Containing Sensitive Information? Upgrade `jupyter-server` to version 2.11.2 or higher.	[,2.11.2)
M Open Redirect Affected versions of this package are vulnerable to Open Redirect via maliciously crafted login links, which allows an attacker to redirect a successful login or an already logged-in session to arbitrary sites. How to fix Open Redirect? Upgrade `jupyter-server` to version 2.7.2 or higher.	[,2.7.2)
M Access Control Bypass Affected versions of this package are vulnerable to Access Control Bypass via the `/files/` URLs due to improper cross-site credentials validation. An attacker can expose certain file contents or access files when opening untrusted files via "Open image in new tab". Note: This is due to an incomplete fix of CVE-2019-9644 How to fix Access Control Bypass? Upgrade `jupyter-server` to version 2.7.2 or higher.	[,2.7.2)