Update examples dependencies [SECURITY] #597
Open
renovate[bot] wants to merge 1 commit into
This PR contains the following updates:
jupyterlab: ==4.5.6 → ==4.5.7

Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS
CVE-2026-40171 / GHSA-rch3-82jr-f9w9
Details
Impact
A stored Cross-Site Scripting (XSS) vulnerability in Jupyter Notebook allows attackers to steal authentication tokens from users who open malicious notebook files and interact with elements that the attacker can make look indistinguishable from legitimate controls (single click interaction).
The vulnerability enables complete account takeover through the Jupyter REST API, allowing the attacker to:
Patches
Jupyter Notebook 7.5.6 and JupyterLab 4.5.7 include patches for this vulnerability.
Workarounds
The help extension can be disabled via CLI:
Hardening
The patched versions include a toggle to disable the command linker functionality altogether, for example via overrides.json:

{ "@jupyterlab/apputils-extension:sanitizer": { "allowCommandLinker": false } }

Resources
Acknowledgments
Reported by Daniel Teixeira - NVIDIA AI Red Team
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request
CVE-2026-42266 / GHSA-37w4-hwhx-4rc4
Details
The allow-list of extensions that can be installed from the PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab prior to 4.5.7. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This has security implications for deployments that:
Impact
An authenticated attacker - such as a student in a shared JupyterHub environment or a user in a multi-tenant JupyterLab deployment - can escalate their privileges. This might allow for data exfiltration, lateral movement within the network, and persistent compromise of the server infrastructure.
Patches
JupyterLab v4.5.7 contains the patch. Users of applications that depend on JupyterLab, such as Notebook v7+, should update the jupyterlab package too.
Workarounds
Switch to read-only extension manager by adding the following command line option:
or the following traitlet:
You can confirm that the read-only manager is in use from the GUI:
Note: configuration of a PyPI proxy with allow-listed packages is not sufficient to protect from this vulnerability.
References
Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content
CVE-2026-42557 / GHSA-mqcg-5x36-vfcg
Details
JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all click events on document.body and executes the named command without checking whether the element came from trusted JupyterLab UI. A notebook with a pre-saved HTML cell output containing a deceptive button can trigger arbitrary JupyterLab commands - including arbitrary code execution - on a single user click, without any code being submitted for execution by the user.
Impact
An attacker who shares a notebook or a Markdown file - via email, GitHub, or a Binder link - can invoke an arbitrary command upon a single click by the victim. The button can be rendered inside the output area and be visually indistinguishable from a legitimate widget. No kernel needs to start; the HTML output is stored in the notebook file and displayed immediately on open.
Single-click impact
An attacker convincing the victim to click on a single button or link can:
The arbitrary code execution will be immediately visible to the user and can be halted by timely user intervention. The deletion of files can be silent and go unnoticed for some time.
Multi-click attacks
An attacker who convinces the victim to click on multiple buttons in specific order and to grant access to clipboard (or in scenarios where the user already granted keyboard access) can obtain full access to the terminal and execute arbitrary commands in the environment with access scope that might exceed that of available kernels. Only users of Chromium-based browsers are susceptible to this expanded variant of the attack.
The execution of commands in the terminal would be immediately visible to the user.
Impact of third-party extensions
The impact described above assumes a plain JupyterLab/Notebook installation. In environments with frontend extensions that contribute additional commands the attack surface is increased by the functionality covered by these commands.
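The two command-linker advisories on this page (GHSA-rch3-82jr-f9w9 above and GHSA-mqcg-5x36-vfcg here) both hinge on the same stored artefact: a button carrying data-commandlinker-command / data-commandlinker-args inside HTML that is saved in the notebook file and rendered on open. The following is an added illustration, not code from JupyterLab, the advisories, or this PR: a small scanner that walks an .ipynb structure and flags stored text/html outputs and Markdown cell sources containing those attributes, which is what a defender would want to run over notebooks received from untrusted sources before opening them in an unpatched JupyterLab. The sample notebook is constructed inline, and the command names in it ("placeholder:command", "placeholder:other") are placeholders, not real JupyterLab commands.

```python
"""Flag JupyterLab command-linker attributes in stored notebook HTML.

Added illustration for the advisories above; not part of JupyterLab or this PR.
The notebook content at the bottom is constructed for the demo.
"""
import json
from html.parser import HTMLParser

# Attribute names quoted in the advisory text.
COMMAND_ATTR = "data-commandlinker-command"
ARGS_ATTR = "data-commandlinker-args"


class _LinkerAttrFinder(HTMLParser):
    """Collect every element that carries a command-linker attribute."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        attr_map = dict(attrs)  # html.parser lower-cases attribute names
        if COMMAND_ATTR in attr_map or ARGS_ATTR in attr_map:
            self.hits.append({
                "tag": tag,
                "command": attr_map.get(COMMAND_ATTR),
                "args": attr_map.get(ARGS_ATTR),
            })


def find_command_linker_html(html):
    """Return the command-linker elements found in an HTML fragment."""
    finder = _LinkerAttrFinder()
    finder.feed(html)
    finder.close()
    return finder.hits


def _as_text(value):
    # nbformat allows multi-line strings to be stored as a list of lines.
    return "".join(value) if isinstance(value, list) else value


def _html_outputs(cell):
    """Yield (output_index, html_text) for stored text/html outputs of a code cell."""
    for i, out in enumerate(cell.get("outputs", [])):
        html = out.get("data", {}).get("text/html")
        if html is not None:
            yield i, _as_text(html)


def scan_notebook(nb):
    """Return one finding per command-linker element found in stored HTML.

    Code cells are checked via their saved outputs (rendered on open without a
    kernel); Markdown cells are checked via their source, which may embed raw HTML.
    """
    findings = []
    for idx, cell in enumerate(nb.get("cells", [])):
        kind = cell.get("cell_type")
        if kind == "code":
            for out_i, html in _html_outputs(cell):
                for hit in find_command_linker_html(html):
                    findings.append({"cell": idx, "output": out_i, **hit})
        elif kind == "markdown":
            for hit in find_command_linker_html(_as_text(cell.get("source", ""))):
                findings.append({"cell": idx, "output": None, **hit})
    return findings


def scan_notebook_file(path):
    """Convenience wrapper: load an .ipynb from disk and scan it."""
    with open(path, encoding="utf-8") as fh:
        return scan_notebook(json.load(fh))


# Constructed sample notebook: a benign cell, a code cell whose *stored* HTML
# output carries a command-linker button, and a Markdown cell doing the same.
SAMPLE_NOTEBOOK = {
    "nbformat": 4, "nbformat_minor": 5, "metadata": {},
    "cells": [
        {"cell_type": "code", "source": "print('hi')", "metadata": {},
         "execution_count": 1,
         "outputs": [{"output_type": "stream", "name": "stdout", "text": "hi\n"}]},
        {"cell_type": "code", "source": "", "metadata": {}, "execution_count": None,
         "outputs": [{"output_type": "display_data", "metadata": {},
                      "data": {"text/html": [
                          "<div><button data-commandlinker-command=\"placeholder:command\" ",
                          "data-commandlinker-args='{\"x\": 1}'>Run</button></div>"]}}]},
        {"cell_type": "markdown", "metadata": {},
         "source": "# Title\n<button data-commandlinker-command=\"placeholder:other\">Go</button>"},
    ],
}


if __name__ == "__main__":
    for finding in scan_notebook(SAMPLE_NOTEBOOK):
        print(finding)
```

The scanner reports the cell and output index so a reviewer can locate the element; a stream output (plain text) produces no finding, and a button with only ordinary attributes is ignored. It is a detection aid for unpatched deployments, not a substitute for upgrading to the patched versions listed below.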
Patches
JupyterLab 4.5.7
Workarounds
No workarounds are available for end-users.
Downstream applications inheriting from JupyterFrontEnd or JupyterLab can effectively disable the CommandLinker by passing the commandLinker: new CommandLinker({ commands: new CommandRegistry() }) option in the initialization options.
Hardening
The patched versions include a toggle to disable the command linker functionality altogether, for example via overrides.json:

{ "@jupyterlab/apputils-extension:sanitizer": { "allowCommandLinker": false } }

Resources
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Release Notes
jupyterlab/jupyterlab (jupyterlab)
v4.5.7 (Compare Source)
4.5.7
(Full Changelog)
Security patches
Bugs fixed
Maintenance and upkeep improvements
4.5.x branch #18817 (@krassowski).
jp-VariableRenderer-TrustButton CSS rule #18762 (@Carreau).
jp-Cell-Placeholder CSS rules #18761 (@Carreau).
Documentation improvements
Contributors to this release
The following people contributed discussions, new ideas, code and documentation contributions, and review.
See our definition of contributors.
(GitHub contributors page for this release)
@Carreau (activity) | @filipeoliveira05 (activity) | @flaviomartins (activity) | @itsmejay80 (activity) | @jtpio (activity) | @krassowski (activity) | @martinRenou (activity) | @MUFFANUJ (activity) | @utsav-develops (activity)
This PR was generated by Mend Renovate. View the repository job log.