Advisories for Pypi/Jupyter-Core package

2025

Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

On Windows, the shared %PROGRAMDATA% directory is searched for configuration files (SYSTEM_CONFIG_PATH and SYSTEM_JUPYTER_PATH), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected %PROGRAMDATA% are affected.

2022

Execution with Unnecessary Privileges in JupyterApp

What kind of vulnerability is it? Who is impacted? We’d like to disclose an arbitrary code execution vulnerability in jupyter_core that stems from jupyter_core executing untrusted files in the current working directory. This vulnerability allows one user to run code as another.