A high-severity vulnerability, CVE-2024-43805, was detected in JupyterLab versions before 3.6.7 and from 4.0.0 to 4.2.4. Through malicious notebooks or Markdown files, it allows attackers to gain access to any data the victim can access and to execute arbitrary requests as if they were the victim. To fix this problem, users should upgrade JupyterLab to version 3.6.8 or 4.2.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43805.
A high-severity security vulnerability, CVE-2024-39700, was detected in the JupyterLab extension template (copier). It allows attackers to perform Remote Code Execution (RCE) via the `update-integration-tests.yml` workflow included in repositories created with the `test` option. To address this issue, users should upgrade the template to version 4.3.0 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39700.