Code injection in nbgitpuller
High severity
GitHub Reviewed
Published Aug 25, 2021 in jupyterhub/nbgitpuller • Updated Sep 7, 2023
Reviewed: Aug 25, 2021
Published by the National Vulnerability Database: Aug 25, 2021
Published to the GitHub Advisory Database: Aug 30, 2021
Last updated: Sep 7, 2023
Description
Impact
Due to an unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment.
Patches
0.10.2
Workarounds
None, other than upgrading to 0.10.2 or downgrading to 0.8.x.
For more information
If you have any questions or comments about this advisory:
References