From 064626bad91bde8a6d0a7af0eceea0600dcc9929 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sat, 27 Nov 2021 13:36:30 +0100 Subject: jupyterhub entered the archive --- data/CVE/list.2019 | 1 + data/CVE/list.2020 | 3 ++- data/CVE/list.2021 | 4 +++- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index 0d164e4943..fcc2139438 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -28357,6 +28357,7 @@ CVE-2019-10256 (An authentication bypass vulnerability in VIVOTEK IPCam versions CVE-2019-10255 (An Open Redirect vulnerability for all browsers in Jupyter Notebook be ...) - jupyter-notebook 5.7.8-1 (bug #925939) [stretch] - jupyter-notebook (Intrusive to backport) + - jupyterhub (Fixed before initial upload to Debian) NOTE: https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb NOTE: https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b NOTE: When adressing this issue make sure to not open CVE-2019-10856 and apply the diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 2ac8dc6e07..2cd87fffb0 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -859,7 +859,8 @@ CVE-2020-36194 (An XSS vulnerability has been reported to affect QNAP NAS runnin CVE-2020-36192 (An issue was discovered in the Source Integration plugin before 2.4.1 ...) NOT-FOR-US: Source Integration plugin for MantisBT CVE-2020-36191 (JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lac ...) - NOT-FOR-US: JupyterHub + - jupyterhub + NOTE: https://github.com/jupyterhub/jupyterhub/issues/3304 CVE-2020-36190 (RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows ...) NOT-FOR-US: RailsAdmin CVE-2020-36189 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 060c4f0a13..a90c668c21 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 
@@ -6960,7 +6960,9 @@ CVE-2021-41249 (GraphQL Playground is a GraphQL IDE for development of graphQL f CVE-2021-41248 (GraphiQL is the reference implementation of this monorepo, GraphQL IDE ...) NOT-FOR-US: GraphiQL CVE-2021-41247 (JupyterHub is an open source multi-user server for Jupyter notebooks. ...) - NOT-FOR-US: JupyterHub + - jupyterhub + NOTE: https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7 + NOTE: https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27 CVE-2021-41246 RESERVED CVE-2021-41245 -- cgit v1.2.3
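Review bot: the added jupyterhub line under CVE-2019-10255 in data/CVE/list.2019 says "Fixed before initial upload to Debian" with nothing to check it against; the NOTE lines that follow it point only at jupyter/notebook commits. Suggest adding a NOTE with the jupyterhub commit or release that carries the open-redirect fix, so the claim can be verified against the version that was uploaded.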
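Review bot: in the CVE-2020-36191 entry of data/CVE/list.2020, the new "- jupyterhub" line records no fixed version, and the only reference added is the upstream issue (jupyterhub/issues/3304). The description names JupyterHub 1.1.0, so it would help to state whether the version that entered the archive is affected, and to add a NOTE for the fixing commit or release once one is identified.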
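Review bot: for CVE-2021-41247 in data/CVE/list.2021, the advisory and fix commit are referenced, but the "- jupyterhub" line does not say whether the uploaded package already contains that commit. Suggest a NOTE naming the first upstream release that includes the referenced commit, or a fixed version on the package line, so the entry can be triaged without reading the upstream history.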