OSG-SEC-2021-08-25 Vulnerabilities in JupyterLab and Jupyter Notebook
Dear OSG Security Contacts,
CRITICAL and lower risk vulnerabilities have been identified concerning JupyterLab and Jupyter Notebook.
For Jupyter Notebook Patched versions: 5.7.11, 6.4.1 For JupyterLab Patched versions: 3.1.4, 3.0.17, 2.3.2, 2.2.10, 1.2.21
Earlier versions are likely to be vulnerable.
WHAT ARE THE VULNERABILIES:
Vulnerabilities have been reported in JupyterLab (CVE-2021-32797 ) and Jupyter Notebook (CVE-2021-32798 ) which allow untrusted code in a Notebook to execute on load.
WHAT YOU SHOULD DO:
Sites and VOs should update to the latest version of JupyterLab and Jupyter Notebook as soon as possible. There are no recommended mitigations.
Please contact the OSG security team at [email protected] if you have any questions or concerns.
OSG Security Team