CVE-2025-59842 Affecting jupyterlab package, versions *


Severity

Recommended
0.0
medium
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
0.21% (12th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN14-JUPYTERLAB-13110012
  • published28 Sept 2025
  • disclosed26 Sept 2025

Introduced: 26 Sep 2025

CVE-2025-59842  (opens in a new tab)
CWE-1022  (opens in a new tab)

How to fix?

There is no fixed version for Debian:14 jupyterlab.

NVD Description

Note: Versions mentioned in the description apply only to the upstream jupyterlab package and not the jupyterlab package as distributed by Debian. See How to fix? for Debian:14 relevant fixed versions and status.

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to version 4.4.8, links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the noopener attribute. This is deemed to have no impact on the default installations. Theoretically users of third-party LaTeX-rendering extensions could find themselves vulnerable to reverse tabnabbing attacks if links generated by those extensions included target=_blank (no such extensions are known at time of writing) and they were to click on a link generated in LaTeX (typically visibly different from other links). This issue has been patched in version 4.4.8.

CVSS Base Scores

version 3.1