jupyterlab-lsp@3.4.1 vulnerabilities

Coding assistance for JupyterLab with Language Server Protocol

  • latest version

    5.1.0

  • latest non vulnerable version

  • first published

    3 years ago

  • latest version published

    10 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the jupyterlab-lsp package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Relative Path Traversal

    jupyterlab-lsp provides coding assistance for JupyterLab with Language Server Protocol.

    Affected versions of this package are vulnerable to Relative Path Traversal due to a file system configured without access control at the operating system level and jupyter-server instances exposed to a non-trusted network. An unauthorised attacker could gain access to and modify the file system beyond the jupyter root directory.

    How to fix Relative Path Traversal?

    Upgrade jupyterlab-lsp to version 5.0.2 or higher.

    [,5.0.2)