Security Information / 2023 / Security Information -- DSA-5422-1 jupyter-core

Debian Security Advisory

DSA-5422-1 jupyter-core -- security update

Date Reported:

09 Jun 2023

Affected Packages:

jupyter-core

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 1023361.
In Mitre's CVE dictionary: CVE-2022-39286.

More information:

It was discovered that jupyter-core, the core common functionality for Jupyter projects, could execute arbitrary code in the current working directory while loading configuration files.

For the stable distribution (bullseye), this problem has been fixed in version 4.7.1-1+deb11u1.

We recommend that you upgrade your jupyter-core packages.

For the detailed security status of jupyter-core please refer to its security tracker page at: https://security-tracker.debian.org/tracker/jupyter-core