CVE-2021-39160

Source
https://cve.org/CVERecord?id=CVE-2021-39160
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-39160.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-39160
Aliases
Related
Published
2021-08-25T18:15:08.487Z
Modified
2026-02-13T00:37:19.194962Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are advised to upgrade. No workarounds exist for users who cannot upgrade.

References

Affected packages

Git / github.com/jupyterhub/nbgitpuller

Affected ranges

Type
GIT
Repo
https://github.com/jupyterhub/nbgitpuller
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed

Affected versions

0.*
0.10.0
0.10.1
0.9.0

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-39160.json"