CVE-2020-36191
pypi/jupyterhub
Cross-Site Request Forgery (CSRF)
JupyterHub allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user
request (to add or remove a user account).
Version 1.1.0
Upgrade to version 1.2.0 or above.
2021-01-20
source |