Tag

Jupyterlab

1 brief RSS

JupyterHub Extension Manager API/GUI Policy Discrepancy Allows Malicious Extension Installation

JupyterLab versions prior to 4.5.7 do not correctly enforce the allow-list of extensions that can be installed from PyPI Extension Manager, allowing authenticated attackers to escalate privileges and potentially exfiltrate data, move laterally, and persistently compromise server infrastructure.

JupyterHub +2 jupyterlab privilege-escalation vulnerability extension-manager

2r 1t 1h ago