Tag
JupyterLab versions prior to 4.5.7 do not correctly enforce the allow-list of extensions that can be installed from PyPI Extension Manager, allowing authenticated attackers to escalate privileges and potentially exfiltrate data, move laterally, and persistently compromise server infrastructure.