CVE-2021-39160

Code Injection in pypi/nbgitpuller

Identifier

CVE-2021-39160

Package Slug

pypi/nbgitpuller

Vulnerability

Code Injection

Description

nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment.

Affected Versions

All versions starting from 0.9.0 before 0.10.2

Solution

Upgrade to version 0.10.2 or above.

Last Modified

2021-09-01

source