jupyterhub@2.3.0 vulnerabilities

JupyterHub: A multi-user server for Jupyter notebooks

latest version

4.1.5
latest non vulnerable version

5.0.0b1
first published

9 years ago
latest version published

22 days ago
licenses detected
- BSD-2-Clause
  [0.1.0,5.0.0b1)
View jupyterhub package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the jupyterhub package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Cross-site Request Forgery (CSRF) jupyterhub is a JupyterHub: A multi-user server for Jupyter notebooks Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to the mishandling of user input on a malicious subdomain. An attacker can achieve unauthorized access and control over a user's session and potentially gain full access to the JupyterHub API and the user's single-user server by tricking a user into visiting a malicious subdomain. Note: This is only exploitable in single-origin JupyterHub deployments and deployments where user-controlled applications run on subdomains or peer subdomains of either the Hub or a single-user server. How to fix Cross-site Request Forgery (CSRF)? Upgrade `jupyterhub` to version 4.1.0 or higher.	[,4.1.0)

Cross-site Request Forgery (CSRF)

jupyterhub is a JupyterHub: A multi-user server for Jupyter notebooks

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to the mishandling of user input on a malicious subdomain. An attacker can achieve unauthorized access and control over a user's session and potentially gain full access to the JupyterHub API and the user's single-user server by tricking a user into visiting a malicious subdomain.

Note:

This is only exploitable in single-origin JupyterHub deployments and deployments where user-controlled applications run on subdomains or peer subdomains of either the Hub or a single-user server.

How to fix Cross-site Request Forgery (CSRF)?

Upgrade jupyterhub to version 4.1.0 or higher.

[,4.1.0)

Go back to all versions of this package

jupyterhub@2.3.0 vulnerabilities

JupyterHub: A multi-user server for Jupyter notebooks

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities