Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/notebook@6.4.11
Typepypi
Namespace
Namenotebook
Version6.4.11
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.4.12
Latest_non_vulnerable_version7.5.6
Affected_by_vulnerabilities
0
url VCID-3bhm-ewdv-zbeq
vulnerability_id VCID-3bhm-ewdv-zbeq
summary Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, not accessing individual hidden files or files in hidden directories (i.e. hidden files were 'hidden' but not 'inaccessible'). This could lead to notebook configurations allowing authenticated access to files that may reasonably be expected to be disallowed. Because fully authenticated requests are required, this is of relatively low impact. But if a server's root directory contains sensitive files whose only protection from the server is being hidden (e.g. `~/.ssh` while serving $HOME), then any authenticated requests could access files if their names are guessable. Such contexts also necessarily have full access to the server and therefore execution permissions, which also generally grants access to all the same files. So this does not generally result in any privilege escalation or increase in information access, only an additional, unintended means by which the files could be accessed. Version 6.4.12 contains a patch for this issue. There are currently no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29238
reference_id
reference_type
scores
0
value 0.00511
scoring_system epss
scoring_elements 0.66853
published_at 2026-06-05T12:55:00Z
1
value 0.00511
scoring_system epss
scoring_elements 0.66813
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29238
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29238
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29238
2
reference_url https://github.com/jupyter/notebook
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter/notebook
3
reference_url https://github.com/jupyter/notebook/security/advisories/GHSA-v7vq-3x77-87vg
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:26Z/
url https://github.com/jupyter/notebook/security/advisories/GHSA-v7vq-3x77-87vg
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/notebook/PYSEC-2022-212.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/notebook/PYSEC-2022-212.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29238
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29238
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013272
reference_id 1013272
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013272
7
reference_url https://github.com/advisories/GHSA-v7vq-3x77-87vg
reference_id GHSA-v7vq-3x77-87vg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v7vq-3x77-87vg
8
reference_url https://usn.ubuntu.com/5585-1/
reference_id USN-5585-1
reference_type
scores
url https://usn.ubuntu.com/5585-1/
fixed_packages
0
url pkg:pypi/notebook@6.4.12
purl pkg:pypi/notebook@6.4.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/notebook@6.4.12
aliases BIT-jupyter-base-notebook-2022-29238, BIT-jupyter-notebook-2022-29238, CVE-2022-29238, GHSA-v7vq-3x77-87vg, PYSEC-2022-212
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3bhm-ewdv-zbeq
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/notebook@6.4.11