CVE-2021-39160: Code injection in nbgitpuller
Due to unsanitized input, visiting a maliciously crafted link could result in arbitrary code execution in the user's environment.
References
- github.com/advisories/GHSA-mq5p-2mcr-m52j
- github.com/jupyterhub/nbgitpuller
- github.com/jupyterhub/nbgitpuller/blob/main/CHANGELOG.md
- github.com/jupyterhub/nbgitpuller/commit/07690644f29a566011dd0d7ba14cae3eb0490481
- github.com/jupyterhub/nbgitpuller/security/advisories/GHSA-mq5p-2mcr-m52j
- github.com/pypa/advisory-database/tree/main/vulns/nbgitpuller/PYSEC-2021-315.yaml
- nvd.nist.gov/vuln/detail/CVE-2021-39160