PYSEC-2020-51

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/jupyterhub-kubespawner/PYSEC-2020-51.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2020-51
Aliases
Published
2020-07-17T21:15:00Z
Modified
2023-11-08T04:02:29.550274Z
Summary
[none]
Details

In jupyterhub-kubespawner before 0.12, users with certain usernames can craft particular server names that grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12.

References

Affected packages

PyPI / jupyterhub-kubespawner

Package

Name
jupyterhub-kubespawner
Purl
pkg:pypi/jupyterhub-kubespawner

Affected ranges

Type
GIT
Repo
https://github.com/jupyterhub/kubespawner
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
0.12.0

Affected versions

0.*
0.1
0.5
0.5.1
0.6.0
0.7.1
0.8
0.8.1
0.9.0b1
0.9.0b2
0.9.0
0.10.0
0.10.1
0.11.0
0.11.1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/jupyterhub-kubespawner/PYSEC-2020-51.yaml"