VYPR
Moderate severityNVD Advisory· Published Jan 13, 2021· Updated Aug 4, 2024

CVE-2020-36191

CVE-2020-36191

Description

JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
jupyterhubPyPI
< 1.2.0b11.2.0b1

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.