Safety vulnerability ID: 76329
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Only users that has configured a JupyterHub installation to use the authenticator class LTI13Authenticator are influenced. LTI13Authenticator which was introduced in jupyterhub-ltiauthenticator 1.3.0, wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request, granting access to existing and new user identities.
Latest version: 1.6.2
JupyterHub authenticator implementing LTI v1.1 and LTI v1.3
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application