HIGH 8.8

PYSEC-2026-164

상세

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This vulnerability is fixed in 4.5.7.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / jupyterlab

최초 영향 버전: 4.0.0 수정 버전: 4.5.7

수정 pip install --upgrade 'jupyterlab>=4.5.7'

참고

https://jupyterhub.readthedocs.io/en/5.2.1/explanation/websecurity.html [WEB]
https://jupyterlab.readthedocs.io/en/latest/user/extensions.html#extension-manager-implementations [WEB]
https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-37w4-hwhx-4rc4 [ADVISORY]
https://github.com/jupyterlab/jupyterlab/releases/tag/v4.5.7 [FIX]