voila@0.0.4 vulnerabilities

Voilà turns Jupyter notebooks into standalone web applications

Direct Vulnerabilities

Known vulnerabilities in the voila package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
External Control of File Name or Path

voila is a Voilà turns Jupyter notebooks into standalone web applications

Affected versions of this package are vulnerable to External Control of File Name or Path due to improper handling of the static_path configuration. An attacker can achieve local file inclusion by making a crafted request to the server, exploiting the misconfiguration to download any file readable by the server's running user.

Note

This vulnerability is contingent upon the server's deployment configuration, as authentication requirements may vary.

How to fix External Control of File Name or Path?

Upgrade voila to version 0.2.17, 0.3.8, 0.4.4, 0.5.6 or higher.

[0.0.2,0.2.17) [0.3.0a0,0.3.8) [0.4.0a0,0.4.4) [0.5.0a0,0.5.6)