cbcvebase.

Jupyter Server Proxy vulnerabilities

3 known vulnerabilities affecting jupyter/jupyter_server_proxy.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2024-28179P2CRITICALCVSS 9.8fixed in 3.2.3≥ 4.0.0, < 4.1.12024-03-20
CVE-2024-28179 [CRITICAL] CWE-306 CVE-2024-28179: Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebo Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated web access. Prior to versions 3.2.3 and 4.1.1, Jupyter Server Proxy did not check user authentication appropriately when proxying websockets, allowing unauthenticated access to anyone who had network access to t
nvd
CVE-2022-21697P3HIGHCVSS 7.1fixed in 3.2.12022-01-25
CVE-2022-21697 [HIGH] CWE-918 CVE-2022-21697: Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyt Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). Any user deploying Jupyter Server or Notebook with jupyter-proxy-server extension enabled is affected. A lack of input validation allows authenticated clients to proxy
nvd
CVE-2024-35225P4MEDIUMCVSS 6.1≥ 3.0.0, < 3.2.4≥ 4.1.2, < 4.2.02024-06-11
CVE-2024-35225 [MEDIUM] CWE-79 CVE-2024-35225: Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook serve Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The `/proxy` endpoint accepts a `host` path segment in the format `/proxy/`. When this endpoint is
nvd
Jupyter Server Proxy vulnerabilities | cvebase