A high-severity vulnerability, CVE-2024-43805, was detected in JupyterLab versions before 3.6.7 and from 4.0.0 to 4.2.4. By exploiting it through malicious notebooks or Markdown files, attackers can gain access to any data the victim can access and execute arbitrary requests as if they were the victim. To fix this problem, users should upgrade JupyterLab to version 3.6.8 or 4.2.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43805.
A high-severity security vulnerability, CVE-2024-39700, was detected in the JupyterLab extension template (copier). During the upgrade, consider temporarily disabling GitHub Actions and reviewing open pull requests for outdated code. Those upgrading from versions earlier than 4.3.0 should postpone changes to the release workflow due to setup requirements. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39700.