PYSEC-2022-42974

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/jupyter-core/PYSEC-2022-42974.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2022-42974
Aliases
Published
2022-10-26T20:15:00Z
Modified
2023-11-08T04:10:17.712382Z
Summary
[none]
Details

Jupyter Core is a package for the core common functionality of Jupyter projects. Versions of Jupyter Core prior to 4.11.2 contain an arbitrary code execution vulnerability in jupyter_core that stems from jupyter_core executing untrusted files in the current working directory (CWD). This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds.

References

Affected packages

PyPI / jupyter-core

Package

Affected ranges

Type
GIT
Repo
https://github.com/jupyter/jupyter_core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
4.11.2

Affected versions

4.*

4.0.0.dev
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.1.0
4.1.1
4.2.0
4.2.1
4.3.0
4.4.0
4.5.0
4.6.0
4.6.1
4.6.2
4.6.3
4.7.0rc0
4.7.0
4.7.1
4.8.0b0
4.8.0rc0
4.8.0rc1
4.8.0
4.8.1
4.8.2
4.9.0rc0
4.9.0
4.9.1rc0
4.9.1
4.9.2
4.10.0
4.11.0
4.11.1