Safety vulnerability ID: 64588
The information on this page was manually curated by our Cybersecurity Intelligence Team.
CVE-2024-22421 is a vulnerability in Jupyter Notebook where clicking a malicious link could expose Authorization and XSRFToken tokens to third parties in older jupyter-server versions. Patched versions include JupyterLab 4.1.0b2, 4.0.11, and 3.6.7. Users are advised to upgrade jupyter-server to version 2.7.2 or newer, which includes a fix for a redirect vulnerability. No other workaround has been identified.
https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-44cc-43rp-5947
Latest version: 4.3.3
JupyterLab computational environment
([Full Changelog](https://github.com/jupyterlab/jupyterlab/compare/v4.0.10...0708330843fd087134a239d2ad6005b1d543e246))
Security fixes
- Potential authentication and CSRF tokens leak in JupyterLab ([GHSA-44cc-43rp-5947](https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-44cc-43rp-5947))
- SXSS in Markdown Preview ([GHSA-4m77-cmpx-vjc4](https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4m77-cmpx-vjc4))
Bugs fixed
- Fixes focus indicator on input checkbox for Firefox [15612](https://github.com/jupyterlab/jupyterlab/pull/15612) ([alden-ilao](https://github.com/alden-ilao))
Documentation improvements
- Fix link to yarn docs in extension migration guide [15640](https://github.com/jupyterlab/jupyterlab/pull/15640) ([krassowski](https://github.com/krassowski))
Contributors to this release
([GitHub contributors page for this release](https://github.com/jupyterlab/jupyterlab/graphs/contributors?from=2023-12-29&to=2024-01-19&type=c))
[brichet](https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Abrichet+updated%3A2023-12-29..2024-01-19&type=Issues) | [fcollonval](https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Afcollonval+updated%3A2023-12-29..2024-01-19&type=Issues) | [github-actions](https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Agithub-actions+updated%3A2023-12-29..2024-01-19&type=Issues) | [jtpio](https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Ajtpio+updated%3A2023-12-29..2024-01-19&type=Issues) | [jupyterlab-probot](https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Ajupyterlab-probot+updated%3A2023-12-29..2024-01-19&type=Issues) | [krassowski](https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Akrassowski+updated%3A2023-12-29..2024-01-19&type=Issues) | [meeseeksmachine](https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Ameeseeksmachine+updated%3A2023-12-29..2024-01-19&type=Issues) | [misterfads](https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Amisterfads+updated%3A2023-12-29..2024-01-19&type=Issues) | [welcome](https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Awelcome+updated%3A2023-12-29..2024-01-19&type=Issues)
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application