Jupyterhub Jupyter-Server-Proxy vulnerabilities
3 known vulnerabilities affecting jupyterhub/jupyter-server-proxy.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-28179P2CRITICALCVSS 9.8v>= 4.0.0, < 4.1.1fixed in 3.2.32024-03-20
CVE-2024-28179 [CRITICAL] CWE-306 CVE-2024-28179: Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebo
Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated web access. Prior to versions 3.2.3 and 4.1.1, Jupyter Server Proxy did not check user authentication appropriately when proxying websockets, allowing unauthenticated access to anyone who had network access to t
ghsanvdosv
CVE-2022-21697P3HIGHCVSS 7.1fixed in 3.2.12022-01-25
CVE-2022-21697 [HIGH] CWE-918 CVE-2022-21697: Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyt
Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). Any user deploying Jupyter Server or Notebook with jupyter-proxy-server extension enabled is affected. A lack of input validation allows authenticated clients to proxy
ghsanvdosv
CVE-2024-35225P4MEDIUMCVSS 6.1v>= 3.0.0, < 3.2.4v>= 4.0.0, < 4.2.02024-06-11
CVE-2024-35225 [MEDIUM] CWE-79 CVE-2024-35225: Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook serve
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The `/proxy` endpoint accepts a `host` path segment in the format `/proxy/`. When this endpoint is
ghsanvdosv