What is CVE-2024-22421?

CVE-2024-22421 is a high-severity vulnerability in Jupyterlab, classified under Information Disclosure. CVSS score: 7.6/10. Published 2024-01-19.

How severe is CVE-2024-22421?

High severity. CVSS v3 base score is 7.6 out of 10.

Path Traversal in Jupyterlab

CVE-2024-22421

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken` tokens expo…

Vulnerability class: Information Disclosure

EPSS: 0.001 (33.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L.

Affected products

Jupyterlab — versions < 3.6.7, >=4.0.0,< 4.0.11

Weakness classification (CWE)

CWE-200 — Information Disclosure
CWE-23 — Relative Path Traversal

References

https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-44cc-43rp-5947 (x_refsource_CONFIRM)
https://github.com/jupyterlab/jupyterlab/commit/19bd9b96cb2e77170a67e43121637d0b5619e8c6 (x_refsource_MISC)
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/…

Frequently asked questions

What is CVE-2024-22421?: CVE-2024-22421 is a high-severity vulnerability in Jupyterlab, classified under Information Disclosure. CVSS score: 7.6/10. Published 2024-01-19.
How severe is CVE-2024-22421?: High severity. CVSS v3 base score is 7.6 out of 10.