Upgrade AlmaLinux:9 rubygem-typeprof to version 0:0.15.2-163.el9_5 or higher. This issue was patched in ALSA-2024:10858 .

Information Exposure Affecting jupyter-server package, versions [,1.23.6)[2.0.0,2.3.0)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-PYTHON-JUPYTERSERVER-8445268
published1 Dec 2024
disclosed1 Dec 2024
creditUnknown

Report a new vulnerability Found a mistake?

Introduced: 1 Dec 2024

NewCWE-200 (opens in a new tab)

How to fix?

Upgrade jupyter-server to version 1.23.6, 2.3.0 or higher.

Overview

Affected versions of this package are vulnerable to Information Exposure through the log_request function. This function recorded sensitive information from the query parameters without improper sanitization.

References

CVSS Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
None
User Interaction (UI)
None

Confidentiality (VC)
Low
Integrity (VI)
None
Availability (VA)
None

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None