Vulnerability Description
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user. JupyterLab version 4.0.11 has been patched. Users are advised to upgrade. Users unable to upgrade should disable the table of contents extension.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jupyter | Jupyterlab | >= 4.0.0, < 4.0.11 |
| Jupyter | Notebook | >= 7.0.0, < 7.0.7 |
| Fedoraproject | Fedora | 39 |
Related Weaknesses (CWE)
References
- https://github.com/jupyterlab/jupyterlab/commit/e1b3aabab603878e46add445a3114e83Patch
- https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4m77-cmpx-vjc4Vendor Advisory
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
- https://github.com/jupyterlab/jupyterlab/commit/e1b3aabab603878e46add445a3114e83Patch
- https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4m77-cmpx-vjc4Vendor Advisory
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
FAQ
What is CVE-2024-22420?
CVE-2024-22420 is a vulnerability with a CVSS score of 6.5 (MEDIUM). JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a maliciou...
How severe is CVE-2024-22420?
CVE-2024-22420 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-22420?
Check the references section above for vendor advisories and patch information. Affected products include: Jupyter Jupyterlab, Jupyter Notebook, Fedoraproject Fedora.