CVE-2022-39286
moderate-risk
Published 2022-10-26
Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files from the current working directory (CWD). This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds.
Do I need to act?
EPSS score: 0.33% chance of exploitation (low exploit probability)
CISA KEV: not on the CISA KEV list; no confirmed active exploitation reported to CISA
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS: 8.8/10 (High); attack vector NETWORK, LOW complexity
Affected Products (5)
Affected Vendors
References (14)
Third Party Advisory: https://github.com/jupyter/jupyter_core/security/advisories/GHSA-m678-f26j-3hrp
Third Party Advisory: https://security.gentoo.org/glsa/202301-04
Third Party Advisory: https://www.debian.org/security/2023/dsa-5422
Risk score: 43 / 100 (moderate-risk)
Severity: 30/34 · Critical
Exploitability: 1/34 · Minimal
Exposure: 12/34 · Low