rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9 vulnerabilities
34 known vulnerabilities affecting rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9.
Total CVEs: 34
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 10, MEDIUM 17, LOW 2
Vulnerabilities
Page 1 of 2
CVE-2026-5422 | HIGH | CVSS 8.1 | 2026-06-02
CVE-2026-5422 [HIGH] CWE-22 jupyter-server: jupyter-server: Sensitive data exposure via path traversal vulnerability
A flaw was found in jupyter-server. This path traversal vulnerability exists due to insufficient validation of file paths, specifically an incorrect root directory boundary check and improper handling of directory traversal sequences. This allows a remote attacker with low privileges to bypas
Source: redhat
CVE-2026-45292 | MEDIUM | CVSS 5.3 | 2026-05-28
CVE-2026-45292 [MEDIUM] CWE-770 opentelemetry-java: opentelemetry-api: opentelemetry-extension-trace-propagators: OpenTelemetry Java: Denial of Service due to unbounded memory allocation when parsing oversized baggage
A flaw was found in OpenTelemetry Java, specifically within the baggage propagation implementat
Source: redhat
CVE-2026-8643 | HIGH | CVSS 8.0 | 2026-05-27
CVE-2026-8643 [HIGH] CWE-22 python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite
A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use dir
Source: redhat
CVE-2026-48710 | MEDIUM | CVSS 6.5 | PoC | 2026-05-26
CVE-2026-48710 [MEDIUM] CWE-1289 starlette: Starlette: Security restriction bypass via malformed HTTP Host header
A flaw was found in Starlette, a lightweight ASGI (Asynchronous Server Gateway Interface) framework. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP `Host` request header. This malformed header could cause the `request.url` to be incorrectly reconstructed, leading
Source: redhat
CVE-2026-2651 | CRITICAL | CVSS 9.0 | 2026-05-25
CVE-2026-2651 [CRITICAL] CWE-1220 github.com/mlflow/mlflow: MLflow: Arbitrary code execution via unauthorized multipart upload access
A flaw was found in MLflow when the `--serve-artifacts` mode is enabled. A remote attacker can exploit this vulnerability due to insufficient resource-level permission checks for multipart upload (MPU) endpoints. This allows the attacker to overwrite artifacts belo
Source: redhat
CVE-2026-2734 | MEDIUM | CVSS 6.5 | 2026-05-21
CVE-2026-2734 [MEDIUM] CWE-639 mlflow: mlflow: Information Disclosure via improper authorization checks
A flaw was found in mlflow. An authenticated user could exploit a lack of proper authorization checks in the SearchModelVersions REST API and mlflowSearchModelVersions GraphQL query. This flaw allows them to enumerate all model versions across all registered models, potentially exposing sensitive information such as mode
Source: redhat
CVE-2026-2611 | CRITICAL | CVSS 9.6 | 2026-05-19
CVE-2026-2611 [CRITICAL] CWE-940 mlflow: MLflow: Arbitrary Code Execution via Improper Origin Validation
A flaw was found in MLflow. Improper origin validation in the MLflow Assistant's /ajax-api endpoints allows a remote attacker to exploit cross-origin requests from a malicious webpage. This enables interaction with the MLflow Assistant running on a victim's local machine, bypassing loopback-only restrictions. Consequentl
Source: redhat
CVE-2026-44432 | HIGH | CVSS 8.9 | 2026-05-13
CVE-2026-44432 [HIGH] CWE-409 urllib3: urllib3: Denial of Service due to excessive HTTP response decompression
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if onl
Source: redhat
CVE-2026-44431 | HIGH | CVSS 8.2 | 2026-05-13
CVE-2026-44431 [HIGH] CWE-201 urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to ga
Source: redhat
CVE-2026-2614 | HIGH | CVSS 7.5 | 2026-05-11
CVE-2026-2614 [HIGH] CWE-22 mlflow: mlflow: Arbitrary file read via bypassed source path validation
A flaw was found in mlflow. An unauthenticated remote attacker can exploit a vulnerability in the `_create_model_version()` handler by including a specific tag, `mlflow.prompt.is_prompt`, in a `CreateModelVersion` request. This bypasses source path validation, allowing the attacker to specify an arbitrary local filesystem pat
Source: redhat
CVE-2026-42308 | MEDIUM | CVSS 5.1 | 2026-05-09
CVE-2026-42308 [MEDIUM] CWE-190 Pillow: python: Pillow: Denial of Service via integer overflow in font processing
A flaw was found in Pillow, a Python imaging library. If a font advances for each glyph by an exceedingly large amount, an integer overflow can occur when Pillow tracks the current position. This could lead to a denial of service (DoS) condition, making the application unavailable.
Mitigation: To mitiga
Source: redhat
CVE-2026-42309 | MEDIUM | CVSS 5.1 | 2026-05-09
CVE-2026-42309 [MEDIUM] CWE-131 Pillow: Pillow: Denial of Service via specially crafted coordinate input
A flaw was found in Pillow, a Python imaging library. A malicious actor could exploit this vulnerability by providing specially crafted nested lists as coordinates to image processing APIs within Pillow. This could lead to a heap buffer overflow, potentially causing a denial of service in applications using the library.
Source: redhat
CVE-2026-42310 | MEDIUM | CVSS 5.1 | 2026-05-09
CVE-2026-42310 [MEDIUM] CWE-835 Pillow: Pillow: Denial of Service via malicious PDF processing
Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0.
A flaw was found in Pillow, a Python imaging library. A remote atta
Source: redhat
CVE-2026-41506 | HIGH | CVSS 7.4 | 2026-05-08
CVE-2026-41506 [HIGH] CWE-601 golang: github.com/go-git/go-git: go-git: Information disclosure of HTTP authentication credentials via redirects
A flaw was found in go-git, an extensible Git implementation library for Go. This vulnerability allows an attacker to potentially obtain sensitive HTTP authentication credentials. This can occur when go-git follows redirects during smart-HTT
Source: redhat
CVE-2026-33079 | HIGH | CVSS 8.7 | 2026-05-06
CVE-2026-33079 [HIGH] CWE-1333 mistune: Mistune: Regular Expression Denial of Service (ReDoS) via crafted Markdown input
A flaw was found in Mistune, a Markdown parser. This vulnerability, known as Regular Expression Denial of Service (ReDoS), exists in the `LINK_TITLE_RE` regular expression. A remote attacker can exploit this by providing specially crafted Markdown input, which causes the regular expressi
Source: redhat
CVE-2026-40110 | HIGH | CVSS 7.6 | 2026-05-05
CVE-2026-40110 [HIGH] CWE-625 jupyter-server: Jupyter Server: Cross-Origin Resource Sharing (CORS) bypass via improper Origin header validation
A flaw was found in Jupyter Server. The Origin header validation, which uses Python's `re.match()` function, does not correctly validate incoming origins against allowed patterns. This allows a remote attacker to bypass Cross-Origin Resource
Source: redhat
CVE-2025-61669 | MEDIUM | CVSS 6.3 | 2026-05-05
CVE-2025-61669 [MEDIUM] CWE-601 jupyter_server: Jupyter Server: Redirects to arbitrary external domains via insufficient validation of login parameter
A flaw was found in Jupyter Server. The login flow's `next` query parameter is insufficiently validated, allowing redirects to arbitrary external domains. A remote attacker can exploit this vulnerability by crafting a malicious l
Source: redhat
CVE-2026-44405 | LOW | CVSS 3.4 | 2026-05-05
CVE-2026-44405 [LOW] CWE-328 paramiko: Paramiko: Data integrity could be compromised due to SHA-1 algorithm use
A flaw was found in Paramiko, a Python implementation of the SSHv2 protocol. The `rsakey.py` module allows the use of the SHA-1 cryptographic hash algorithm, which is known to have security weaknesses. An attacker on the same local network, with significant effort, could potentially exploit this to achi
Source: redhat
CVE-2026-6321 | HIGH | CVSS 7.5 | 2026-05-04
CVE-2026-6321 [HIGH] CWE-22 fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies
A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator (URL) containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization, le
Source: redhat
CVE-2026-6915 | MEDIUM | CVSS 5.3 | 2026-04-29
CVE-2026-6915 [MEDIUM] CWE-266 mongodb: MongoDB: Authorization flaw allows modification of other user's authentication data
A flaw was found in MongoDB. An authenticated user could exploit an authorization flaw in the user management command. This allows them to make limited changes to authentication-related data associated with another user account. Such modifications could affect how authentication is
Source: redhat