PYSEC-2021-315

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/nbgitpuller/PYSEC-2021-315.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2021-315
Aliases
Published
2021-08-25T18:15:00Z
Modified
2023-11-01T04:56:03.808892Z
Summary
[none]
Details

nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are advised to upgrade. No workaround exists for users who cannot upgrade.

References

Affected packages

PyPI / nbgitpuller

Package

Affected ranges

Type
GIT
Repo
https://github.com/jupyterhub/nbgitpuller
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
ECOSYSTEM
Events
Introduced
0.9.0
Fixed
0.10.2

Affected versions

0.*
0.9.0
0.10.0
0.10.1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/nbgitpuller/PYSEC-2021-315.yaml"