VYPR
High severityNVD Advisory· Published Jan 19, 2024· Updated Jun 17, 2025

Potential authentication and CSRF tokens leak in JupyterLab

CVE-2024-22421

Description

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their Authorization and XSRFToken tokens exposed to a third party when running an older jupyter-server version. JupyterLab versions 4.1.0b2, 4.0.11, and 3.6.7 are patched. No workaround has been identified, however users should ensure to upgrade jupyter-server to version 2.7.2 or newer which includes a redirect vulnerability fix.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
jupyterlabPyPI
>= 4.0.0, < 4.0.114.0.11
jupyterlabPyPI
< 3.6.73.6.7
notebookPyPI
>= 7.0.0, < 7.0.77.0.7

Affected products

11

Patches

Vulnerability mechanics

References

8

News mentions

1