Jupyterlab
By the Year
In 2024 there have been 2 vulnerabilities in Jupyterlab with an average score of 6.3 out of ten. Jupyterlab did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2024 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 2 | 6.30 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 9.60 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Jupyterlab vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jupyterlab Security Vulnerabilities
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture
CVE-2024-22421
6.5 - Medium
- January 19, 2024
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken` tokens exposed to a third party when running an older `jupyter-server` version. JupyterLab versions 4.1.0b2, 4.0.11, and 3.6.7 are patched. No workaround has been identified, however users should ensure to upgrade `jupyter-server` to version 2.7.2 or newer which includes a redirect vulnerability fix.
Information Disclosure
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture
CVE-2024-22420
6.1 - Medium
- January 19, 2024
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user. JupyterLab version 4.0.11 has been patched. Users are advised to upgrade. Users unable to upgrade should disable the table of contents extension.
XSS
JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook
CVE-2021-32797
9.6 - Critical
- August 09, 2021
JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesnt sanitize the action attribute of html `<form>`. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jupyterlab or by Jupyter? Click the Watch button to subscribe.
