VYPR

rpm package

opensuse/python-jupyter-server&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/python-jupyter-server&distro=openSUSE%20Tumbleweed

Vulnerabilities (6)

  • CVE-2026-5422HigJun 2, 2026
    affected < 2.19.0-1.1fixed 2.19.0-1.1

    A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.py. The check uses startswith(root) without appending a trailing path separator,

  • CVE-2026-40934MedMay 5, 2026
    affected < 2.18.1-1.1fixed 2.18.1-1.1

    Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runtime/jupyter_cookie_secret and is never rotated when a user changes their password

  • CVE-2026-40110HigMay 5, 2026
    affected < 2.18.1-1.1fixed 2.18.1-1.1

    Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pat configuration value. Because re.match() only anchors at the start of the string

  • CVE-2026-35397HigMay 5, 2026
    affected < 2.18.1-1.1fixed 2.18.1-1.1

    Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and access sibling directories whose names begin with the same prefix as the r

  • CVE-2025-61669MedMay 5, 2026
    affected < 2.18.1-1.1fixed 2.18.1-1.1

    Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._redirect_safe()`, which allows redirects to arbitrary external domains via values su

  • CVE-2022-29241Jun 14, 2022
    affected < 2.14.2-3.1fixed 2.14.2-3.1

    Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of `root_dir` that contains the starting user's home directory, then the