CVE-2020-36191

CVE-2020-36191

EPSS 0.5%

JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/jupyterhub/jupyterhub/issues/3304 https://github.com/jupyterhub/jupyterhub/releases