CNNVD-202509-4078 Information
CNNVD ID
CNNVD-202509-4078
Related CVE
-
CNNVD Published: 2025-09-26
Description
JupyterLab is an open-source extensible environment from JupyterLab for interactive and reproducible computing, based on the Jupyter Notebook and architecture. JupyterLab versions before 4.4.8 contain a security vulnerability: links generated by the LaTeX typesetters lack the noopener attribute, which could lead to a reverse tabnabbing attack.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
JupyterLab
Published
2025-09-26
Last Modified
2026-02-24
References
https://github.com/jupyterlab/jupyterlab/commit/88ef373039a8cc09f27d3814382a512d9033675c
https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-vvfj-2jqx-52jm
https://vigilance.fr/vulnerability/jupyterlab-information-disclosure-via-LaTeX-Typesetters-Noopener-Attribute-48394
Patch
https://github.com/jupyterlab/jupyterlab/releases