Safety vulnerability ID: 71067
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Pretzelai version 4.1.0b2 is impacted by CVE-2024-22421, which affects JupyterLab, the original package from which Pretzelai is forked. This vulnerability can expose Authorization and XSRFToken tokens to a third party if users click on a malicious link while using an older version of jupyter-server.
Latest version: 4.2.6
Pretzel is a fork of JupyterLab that improves the user experience of the JupyterLab computational environment.
([Full Changelog](https://github.com/jupyterlab/jupyterlab/compare/v4.1.0b1...43a4e70bfba19b0de21e17409477a91708964792))
Security fixes
- Potential authentication and CSRF tokens leak in JupyterLab ([GHSA-44cc-43rp-5947](https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-44cc-43rp-5947))
- SXSS in Markdown Preview ([GHSA-4m77-cmpx-vjc4](https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4m77-cmpx-vjc4))
Documentation improvements
- User-facing changelog for 4.1 [15648](https://github.com/jupyterlab/jupyterlab/pull/15648) ([krassowski](https://github.com/krassowski))
Contributors to this release
([GitHub contributors page for this release](https://github.com/jupyterlab/jupyterlab/graphs/contributors?from=2024-01-17&to=2024-01-19&type=c))
[github-actions](https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Agithub-actions+updated%3A2024-01-17..2024-01-19&type=Issues) | [jupyterlab-probot](https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Ajupyterlab-probot+updated%3A2024-01-17..2024-01-19&type=Issues) | [krassowski](https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Akrassowski+updated%3A2024-01-17..2024-01-19&type=Issues)
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application