BIT-jupyterhub-2020-36191

Import Source

https://github.com/bitnami/vulndb/tree/main/data/jupyterhub/BIT-jupyterhub-2020-36191.json

Aliases

CVE-2020-36191
GHSA-7xx3-qp5w-fw96
PYSEC-2021-67

Published

2024-03-06T10:54:10.265Z

Modified

2024-03-06T11:25:28.861Z

Details

JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).

References

https://github.com/jupyterhub/jupyterhub/issues/3304
https://github.com/jupyterhub/jupyterhub/releases

Affected packages

Bitnami / jupyterhub

Package

Name: jupyterhub

Affected ranges

Type: SEMVER
Events: Introduced

1.1.0

Last affected

1.1.0