Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-v61t-4jv9-j3bv

Summary JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials (for the single-user server only, not the Hub) reinstated after logout, if another active JupyterLab session is open while the logout takes place. Upgrade to JupyterHub 1.5. For distributed deployments, it is jupyterhub in the _user_ environment that needs patching. There are no patches necessary in the Hub environment. The only workaround is to make sure that only one JupyterLab tab is open when you log out.

Aliases

alias	CVE-2021-41247

alias	GHSA-cw7p-q79f-m2v7

alias	PYSEC-2021-386

Fixed_packages

url pkg:pypi/jupyterhub@1.5.0

purl pkg:pypi/jupyterhub@1.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jruk-8qvr-d3hh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@1.5.0

Affected_packages

url pkg:pypi/jupyterhub@1.0.0

purl pkg:pypi/jupyterhub@1.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jruk-8qvr-d3hh

vulnerability	VCID-n2n2-cfn6-fyau

vulnerability	VCID-v61t-4jv9-j3bv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@1.0.0

url pkg:pypi/jupyterhub@1.1.0b1

purl pkg:pypi/jupyterhub@1.1.0b1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jruk-8qvr-d3hh

vulnerability	VCID-n2n2-cfn6-fyau

vulnerability	VCID-v61t-4jv9-j3bv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@1.1.0b1

url pkg:pypi/jupyterhub@1.1.0

purl pkg:pypi/jupyterhub@1.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jruk-8qvr-d3hh

vulnerability	VCID-n2n2-cfn6-fyau

vulnerability	VCID-v61t-4jv9-j3bv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@1.1.0

url pkg:pypi/jupyterhub@1.2.0b1

purl pkg:pypi/jupyterhub@1.2.0b1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jruk-8qvr-d3hh

vulnerability	VCID-v61t-4jv9-j3bv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@1.2.0b1

url pkg:pypi/jupyterhub@1.2.0

purl pkg:pypi/jupyterhub@1.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jruk-8qvr-d3hh

vulnerability	VCID-v61t-4jv9-j3bv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@1.2.0

url pkg:pypi/jupyterhub@1.2.1

purl pkg:pypi/jupyterhub@1.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jruk-8qvr-d3hh

vulnerability	VCID-v61t-4jv9-j3bv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@1.2.1

url pkg:pypi/jupyterhub@1.2.2

purl pkg:pypi/jupyterhub@1.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jruk-8qvr-d3hh

vulnerability	VCID-v61t-4jv9-j3bv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@1.2.2

url pkg:pypi/jupyterhub@1.3.0

purl pkg:pypi/jupyterhub@1.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jruk-8qvr-d3hh

vulnerability	VCID-v61t-4jv9-j3bv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@1.3.0

url pkg:pypi/jupyterhub@1.4.0

purl pkg:pypi/jupyterhub@1.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jruk-8qvr-d3hh

vulnerability	VCID-v61t-4jv9-j3bv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@1.4.0

url pkg:pypi/jupyterhub@1.4.1

purl pkg:pypi/jupyterhub@1.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jruk-8qvr-d3hh

vulnerability	VCID-v61t-4jv9-j3bv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@1.4.1

url pkg:pypi/jupyterhub@1.4.2

purl pkg:pypi/jupyterhub@1.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jruk-8qvr-d3hh

vulnerability	VCID-v61t-4jv9-j3bv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/jupyterhub@1.4.2

References

reference_url	https://github.com/jupyterhub/jupyterhub
reference_id
reference_type
scores
url	https://github.com/jupyterhub/jupyterhub

reference_url	https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27
reference_id
reference_type
scores
url	https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27

reference_url	https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7
reference_id
reference_type
scores
url	https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/jupyterhub/PYSEC-2021-386.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/jupyterhub/PYSEC-2021-386.yaml

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-41247
reference_id	CVE-2021-41247
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-41247

reference_url	https://github.com/advisories/GHSA-cw7p-q79f-m2v7
reference_id	GHSA-cw7p-q79f-m2v7
reference_type
scores
url	https://github.com/advisories/GHSA-cw7p-q79f-m2v7

Weaknesses

cwe_id	613
name	Insufficient Session Expiration
description	According to WASC, Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v61t-4jv9-j3bv

Vulnerability Instance