VYPR

PyPI package

jupyterhub-ltiauthenticator

pkg:pypi/jupyterhub-ltiauthenticator

Vulnerabilities (2)

  • CVE-2026-34052MedApr 3, 2026
    affected < 1.6.3fixed 1.6.3

    LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid cons

  • CVE-2023-25574Feb 25, 2025
    affected >= 1.3.0, < 1.4.0fixed 1.4.0

    `jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in `jupyterhub-ltiauthenticator` 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a f