CVE-2020-36191

Cross-Site Request Forgery (CSRF) in pypi/jupyterhub

Identifiers

CVE-2020-36191

Package Slug

pypi/jupyterhub

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

JupyterHub allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).

Affected Versions

Version 1.1.0

Solution

Upgrade to version 1.2.0 or above.

Last Modified

2021-01-20
