Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/jupyter-notebook@6.4.12-r0?arch=riscv64&distroversion=v3.21&reponame=community
Type apk
Namespace alpine
Name jupyter-notebook
Version 6.4.12-r0
Qualifiers
arch riscv64
distroversion v3.21
reponame community
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-a9nq-eg1d-2fen
vulnerability_id VCID-a9nq-eg1d-2fen
summary Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, not accessing individual hidden files or files in hidden directories (i.e. hidden files were 'hidden' but not 'inaccessible'). This could lead to notebook configurations allowing authenticated access to files that may reasonably be expected to be disallowed. Because fully authenticated requests are required, this is of relatively low impact. But if a server's root directory contains sensitive files whose only protection from the server is being hidden (e.g. `~/.ssh` while serving $HOME), then any authenticated requests could access files if their names are guessable. Such contexts also necessarily have full access to the server and therefore execution permissions, which also generally grants access to all the same files. So this does not generally result in any privilege escalation or increase in information access, only an additional, unintended means by which the files could be accessed. Version 6.4.12 contains a patch for this issue. There are currently no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29238
reference_id
reference_type
scores
0
value 0.00511
scoring_system epss
scoring_elements 0.66765
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29238
1
reference_url https://github.com/jupyter/notebook
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jupyter/notebook
2
reference_url https://github.com/jupyter/notebook/security/advisories/GHSA-v7vq-3x77-87vg
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:26Z/
url https://github.com/jupyter/notebook/security/advisories/GHSA-v7vq-3x77-87vg
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/notebook/PYSEC-2022-212.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/notebook/PYSEC-2022-212.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013272
reference_id 1013272
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013272
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29238
reference_id CVE-2022-29238
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29238
6
reference_url https://github.com/advisories/GHSA-v7vq-3x77-87vg
reference_id GHSA-v7vq-3x77-87vg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v7vq-3x77-87vg
7
reference_url https://usn.ubuntu.com/5585-1/
reference_id USN-5585-1
reference_type
scores
url https://usn.ubuntu.com/5585-1/
fixed_packages
0
url pkg:apk/alpine/jupyter-notebook@6.4.12-r0?arch=riscv64&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/jupyter-notebook@6.4.12-r0?arch=riscv64&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jupyter-notebook@6.4.12-r0%3Farch=riscv64&distroversion=v3.21&reponame=community
aliases BIT-jupyter-base-notebook-2022-29238, BIT-jupyter-notebook-2022-29238, CVE-2022-29238, GHSA-v7vq-3x77-87vg, PYSEC-2022-212
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a9nq-eg1d-2fen
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/jupyter-notebook@6.4.12-r0%3Farch=riscv64&distroversion=v3.21&reponame=community