yuvipanda

5 exploits Active since Nov 2020
CVE-2020-26261 WRITEUP HIGH WRITEUP
jupyterhub-systemdspawner < 0.15 - Unauthenticated User API Token Exposure via Systemd Environment
jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. This is patched in jupyterhub-systemdspawner v0.15
CVSS 7.9
CVE-2021-39160 WRITEUP CRITICAL WRITEUP
nbgitpuller 0.9.0-0.10.1 - OS Command Injection via Malicious Link
nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are advised to upgrade. No work around exist for users who can not upgrade.
CVSS 9.6
CVE-2024-28179 WRITEUP CRITICAL WRITEUP
Jupyter Server Proxy < 3.2.3 and 4.0.0-4.1.1 - Unauthenticated Remote Code Execution via WebSocket Endpoint
Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated web access. Prior to versions 3.2.3 and 4.1.1, Jupyter Server Proxy did not check user authentication appropriately when proxying websockets, allowing unauthenticated access to anyone who had network access to the Jupyter server endpoint. This vulnerability can allow unauthenticated remote access to any websocket endpoint set up to be accessible via Jupyter Server Proxy. In many cases, this leads to remote unauthenticated arbitrary code execution, due to how affected instances use websockets. The websocket endpoints exposed by `jupyter_server` itself is not affected. Projects that do not rely on websockets are also not affected. Versions 3.2.3 and 4.1.1 contain a fix for this issue.
CVSS 9.0
CVE-2024-28179 WRITEUP CRITICAL WRITEUP
Jupyter Server Proxy < 3.2.3 and 4.0.0-4.1.1 - Unauthenticated Remote Code Execution via WebSocket Endpoint
Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated web access. Prior to versions 3.2.3 and 4.1.1, Jupyter Server Proxy did not check user authentication appropriately when proxying websockets, allowing unauthenticated access to anyone who had network access to the Jupyter server endpoint. This vulnerability can allow unauthenticated remote access to any websocket endpoint set up to be accessible via Jupyter Server Proxy. In many cases, this leads to remote unauthenticated arbitrary code execution, due to how affected instances use websockets. The websocket endpoints exposed by `jupyter_server` itself is not affected. Projects that do not rely on websockets are also not affected. Versions 3.2.3 and 4.1.1 contain a fix for this issue.
CVSS 9.0
CVE-2020-26232 WRITEUP MEDIUM WRITEUP
Jupyter Server < 1.0.6 - Open Redirect via Maliciously Crafted Link
Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are technically affected, however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A link to your jupyter server may appear safe, but ultimately redirect to a spoofed server on the public internet.
CVSS 4.1