VDB
CVE-2023-40170
CVE-2023-40170
PUBLISHED
CVSS 4.599999904632568 MEDIUM
cross-site inclusion (XSSI) of files in jupyter-server
EPSS 0.72% · 72.8th percentile
Risk Scores
CVSS v3.1
4.599999904632568
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
EPSS Score
0.72%
72.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PyPI | jupyter-server | 0 |
| jupyter | jupyter_server | 0 |
| jupyter-server | jupyter_server | < 2.7.2 |
Timeline
- Aug 28, 2023 CVE Published
- Aug 29, 2023 EPSS Score
- Sep 15, 2023 CVE Updated
- Oct 1, 2023 EPSS Score
- Nov 3, 2023 EPSS Score
- Dec 6, 2023 EPSS Score
- Jan 7, 2024 EPSS Score
- Feb 9, 2024 EPSS Score
- Mar 13, 2024 EPSS Score
- Apr 15, 2024 EPSS Score
- Jun 20, 2024 EPSS Score
- Jul 23, 2024 EPSS Score
References
- https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-64x5-55rw-9974 url
- https://github.com/jupyter-server/jupyter_server/commit/87a4927272819f0b1cae1afa4c8c86ee2da002fd url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF/ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ/ url
- https://nvd.nist.gov/vuln/detail/CVE-2023-40170 advisory
- https://github.com/jupyter-server/jupyter_server package
- https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2023-157.yaml url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF url