CVE-2022-39286

Summary

Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in jupyter_core that stems from jupyter_core executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds.

Affected Software

VendorProductVersion RangeStatus
jupyterjupyter_core< 4.11.2affected

Weaknesses

  • CWE-269: CWE-269: Improper Privilege Management
  • CWE-250: CWE-250: Execution with Unnecessary Privileges

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References