JupyterLab Templates Security Update Advisory (CVE-2024-39700)

Overview
 

JupyterLab has released an update to address a vulnerability in their templates. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-39700

  • JupyterLab extension-template version: ~ 4.3.2 (inclusive)

 

 

Resolved Vulnerabilities
 

Remote Code Execution (RCE) Vulnerability in Copier Template for JupyterLab Extensions (CVE-2024-39700)

 

Vulnerability Patches

Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites[1] to update to the latest Vulnerability Patches version.

 

CVE-2024-39700

  • JupyterLab extension-template version: 4.3.3

 

Referenced Sites

[1] CVE-2024-39700 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-39700

[2] Remote Code Execution vulnerability in `update-integration-tests` GitHub Action workflow

https://github.com/jupyterlab/extension-template/security/advisories/GHSA-45gq-v5wm-82wg

Article Link: JupyterLab Templates Security Update Advisory (CVE-2024-39700) – ASEC