CVE-2021-39160
Summary
| CVE | CVE-2021-39160 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-08-25 18:15:00 UTC |
| Updated | 2022-10-25 17:51:00 UTC |
| Description | nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are advised to upgrade. No workarounds exist for users who cannot upgrade. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Code injection in nbgitpuller · Advisory · jupyterhub/nbgitpuller · GitHub | CONFIRM | github.com | |
| nbgitpuller/CHANGELOG.md at main · jupyterhub/nbgitpuller · GitHub | MISC | github.com | |
| Merge pull request from GHSA-mq5p-2mcr-m52j · jupyterhub/nbgitpuller@0769064 · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 981435 Python (pip) Security Update for nbgitpuller (GHSA-mq5p-2mcr-m52j)