See Recorded Future’s Threat Intelligence Solutions in Action

See our Threat Intelligence Solutions in Action

Reduce risk and mitigate cyber attacks, no matter your IT & security stack, maturity journey, or industry

Book a free demo

View Solutions to Reduce Risk

See Recorded Future’s Intelligence in Action

Reduce operational risk through timely, precise, and actionable intelligence.

Book a free demo

Intelligence Cloud Overview

View Services & Support Overview

View Research Overview

CVE-2024-22420

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 19, 2024

Updated: Feb 10, 2024

CWE ID 79

Summary

CVE-2024-22420 is a vulnerability affecting JupyterLab, an interactive and reproducible computing environment. Malicious Markdown files can exploit the JupyterLab preview feature, allowing attackers to access data and perform arbitrary requests on behalf of the targeted user. This issue poses a significant risk as it requires no authentication and can lead to serious data breaches. Users running JupyterLab version 4.0.11 are advised to upgrade to the patched version, or disable the table of contents extension as a temporary workaround.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Fedora Operating System
Jupyter Notebook

Affected Vendors

Jupyter
Fedora Project

Advisories, Assessments, and Mitigations

Back to Vulnerability Database