CVE-2021-41247: incomplete JupyterHub logout with simultaneous JupyterLab sessions
Users of JupyterLab with JupyterHub who have multiple JupyterLab tabs open in the same browser session may see incomplete logout from the single-user server: fresh credentials (for the single-user server only, not the Hub) are reinstated after logout if another active JupyterLab session is open while the logout takes place.
References
- github.com/advisories/GHSA-cw7p-q79f-m2v7
- github.com/jupyterhub/jupyterhub
- github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27
- github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7
- github.com/pypa/advisory-database/tree/main/vulns/jupyterhub/PYSEC-2021-386.yaml
- nvd.nist.gov/vuln/detail/CVE-2021-41247