Safety vulnerability ID: 71838
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated web access. A vulnerability existed where Jupyter Server Proxy did not check user authentication appropriately when proxying websockets, allowing unauthenticated access to anyone with network access to the Jupyter server endpoint. This vulnerability permits unauthenticated remote access to any websocket endpoint set up to be accessible via Jupyter Server Proxy, potentially leading to remote unauthenticated arbitrary code execution due to the use of websockets in affected instances. Projects that do not rely on websockets are not affected. The websocket endpoints exposed by jupyter_server itself are also not affected. This issue has been fixed in the latest versions.
Latest version: 4.4.0
A Jupyter server extension to run additional processes and proxy to them that comes bundled JupyterLab extension to launch pre-defined processes.
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application