Safety vulnerability ID: 64587
The information on this page was manually curated by our Cybersecurity Intelligence Team.
CVE-2024-22420 describes a vulnerability in JupyterLab, where user interaction with a malicious notebook or Markdown file enables an attacker to access and act with the same permissions as the user. The flaw lies in the table of contents plugin. JupyterLab v4.0.11 includes a patch for this issue. Users can manually disable the plugin as a workaround.
https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4m77-cmpx-vjc4
Latest version: 4.3.3
JupyterLab computational environment
([Full Changelog](https://github.com/jupyterlab/jupyterlab/compare/v4.1.0b1...43a4e70bfba19b0de21e17409477a91708964792))
Security fixes
- Potential authentication and CSRF tokens leak in JupyterLab ([GHSA-44cc-43rp-5947](https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-44cc-43rp-5947))
- SXSS in Markdown Preview ([GHSA-4m77-cmpx-vjc4](https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4m77-cmpx-vjc4))
Documentation improvements
- User-facing changelog for 4.1 [15648](https://github.com/jupyterlab/jupyterlab/pull/15648) ([krassowski](https://github.com/krassowski))
Contributors to this release
([GitHub contributors page for this release](https://github.com/jupyterlab/jupyterlab/graphs/contributors?from=2024-01-17&to=2024-01-19&type=c))
[github-actions](https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Agithub-actions+updated%3A2024-01-17..2024-01-19&type=Issues) | [jupyterlab-probot](https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Ajupyterlab-probot+updated%3A2024-01-17..2024-01-19&type=Issues) | [krassowski](https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Akrassowski+updated%3A2024-01-17..2024-01-19&type=Issues)
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application