OSG-SEC-2021-08-25 Vulnerabilities in JupyterLab and Jupyter Notebook
Dear OSG Security Contacts,
CRITICAL and lower risk vulnerabilities have been identified concerning JupyterLab and Jupyter Notebook.
For Jupyter Notebook, patched versions: 5.7.11, 6.4.1
For JupyterLab, patched versions: 3.1.4, 3.0.17, 2.3.2, 2.2.10, 1.2.21
Earlier versions are likely to be vulnerable.
WHAT ARE THE VULNERABILITIES:
Vulnerabilities have been reported in JupyterLab (CVE-2021-32797) and Jupyter Notebook (CVE-2021-32798) which allow untrusted code in a Notebook to execute on load.
WHAT YOU SHOULD DO:
Sites and VOs should update to the latest version of JupyterLab and Jupyter Notebook as soon as possible. There are no recommended mitigations.
Please contact the OSG security team at sec[email protected] if you have any questions or concerns.
OSG Security Team
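
A way to check a Python environment against the patched versions listed above, as an added example that is not part of the OSG advisory. It assumes each listed fix covers later releases on the same major.minor line and that anything at or above the newest listed fix also carries it; the function names are illustrative.

```python
# Added example: flags installed JupyterLab / Jupyter Notebook releases that
# predate the patched versions listed in this advisory.
import re
from importlib import metadata

# Patched versions exactly as listed in the advisory.
PATCHED = {
    "notebook": ["5.7.11", "6.4.1"],
    "jupyterlab": ["3.1.4", "3.0.17", "2.3.2", "2.2.10", "1.2.21"],
}


def parse(version):
    """Return (major, minor, patch, final); final is 0 for pre-releases."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(.*)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    nums = tuple(int(g or 0) for g in m.groups()[:3])
    # A pre-release such as 6.4.1rc1 sorts before 6.4.1 and may lack the fix.
    final = 0 if re.match(r"[._-]?(a|b|rc|dev)", m.group(4), re.I) else 1
    return nums + (final,)


def is_patched(package, version):
    """Assumption: a listed fix covers later releases on the same major.minor
    line, and anything at or above the newest listed fix also carries it."""
    v = parse(version)
    fixes = [parse(p) for p in PATCHED[package]]
    if v >= max(fixes):
        return True
    return any(v[:2] == f[:2] and v >= f for f in fixes)


def audit():
    """Check the packages installed in the current Python environment."""
    report = {}
    for package in PATCHED:
        try:
            installed = metadata.version(package)
        except metadata.PackageNotFoundError:
            report[package] = "not installed"
            continue
        state = "patched" if is_patched(package, installed) else "UPDATE REQUIRED"
        report[package] = f"{installed}: {state}"
    return report


if __name__ == "__main__":
    for package, status in audit().items():
        print(f"{package}: {status}")
```

Run it with the interpreter of each environment that serves notebooks (system Python, every conda or virtualenv kernel host), since each can carry its own copy of the packages.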