Moderate severityNVD Advisory· Published Jan 13, 2021· Updated Aug 4, 2024
CVE-2020-36191
CVE-2020-36191
Description
JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
jupyterhubPyPI | < 1.2.0b1 | 1.2.0b1 |
Affected products
3- JupyterHub/JupyterHubdescription
- osv-coords2 versions
>= 1.1.0, < 1.1.1+ 1 more
- (no CPE)range: >= 1.1.0, < 1.1.1
- (no CPE)range: < 1.2.0b1
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-7xx3-qp5w-fw96ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-36191ghsaADVISORY
- github.com/jupyterhub/jupyterhub/issues/3304ghsax_refsource_MISCWEB
- github.com/jupyterhub/jupyterhub/releasesghsax_refsource_MISCWEB
- github.com/pypa/advisory-database/tree/main/vulns/jupyterhub/PYSEC-2021-67.yamlghsaWEB
News mentions
0No linked articles in our index yet.