CVE-2024-22421 Information

Description

JupyterLab is an extensible environment for interactive and reproducible computing based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their Authorization and XSRFToken tokens exposed to a third party when running an older jupyter-server version. JupyterLab versions 4.1.0b2 4.0.11 and 3.6.7 are patched. No workaround has been identified however users should ensure to upgrade jupyter-server to version 2.7.2 or newer which includes a redirect vulnerability fix.

Reference

https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-44cc-43rp-5947 https://github.com/jupyterlab/jupyterlab/commit/19bd9b96cb2e77170a67e43121637d0b5619e8c6