
chore(deps): update dependency jupyterlab to v4.5.7 [security]#167

Merged: renovate[bot] merged 1 commit into develop from renovate/pypi-jupyterlab-vulnerability on Jun 24, 2026

Conversation

@renovate renovate Bot commented Jun 23, 2026

Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package                | Change          | Age | Confidence
-----------------------|-----------------|-----|-----------
jupyterlab (changelog) | 4.4.2 -> 4.5.7  | age | confidence

JupyterLab LaTeX typesetter links did not enforce noopener attribute

CVE-2025-59842 / GHSA-vvfj-2jqx-52jm

More information

Details

Links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the noopener attribute.

This is deemed to have no impact on the default installations. Theoretically users of third-party LaTeX-rendering extensions could find themselves vulnerable to reverse tabnabbing attacks if:

  • links generated by those extensions included target=_blank (no such extensions are known at time of writing) and
  • they were to click on a link generated in LaTeX (typically visibly different from other links).

For consistency with handling on other links, new versions of JupyterLab will enforce noopener and target=_blank on all links generated by typesetters. The former will harden the resilience of JupyterLab to extensions that lack secure defaults in link rendering, and the latter will improve user experience by preventing accidental state loss when clicking on links rendered by LaTeX typesetters.

Impact

Since the official LaTeX typesetter extensions for JupyterLab: jupyterlab-mathjax (default), jupyterlab-mathjax2 and jupyterlab-katex do not include the target=_blank, there is no impact for JupyterLab users.

Patches

JupyterLab 4.4.8

Workarounds

No workarounds are necessary.

References

None

Severity

  • CVSS Score: 2.1 / 10 (Low)
  • Vector String: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS

CVE-2026-40171 / GHSA-rch3-82jr-f9w9

More information

Details

Impact

A stored Cross-Site Scripting (XSS) vulnerability in Jupyter Notebook allows attackers to steal authentication tokens from users who open malicious notebook files and interact with elements that the attacker can make look indistinguishable from legitimate controls (single click interaction).

The vulnerability enables complete account takeover through the Jupyter REST API, allowing the attacker to:

  1. Read all files
  2. Modify/create files
  3. Access running kernels and execute arbitrary code
  4. Create terminals for shell access

Patches

Jupyter Notebook 7.5.6 and JupyterLab 4.5.7 include patches for this vulnerability.

Workarounds

The help extension can be disabled via CLI:

jupyter labextension disable @jupyter-notebook/help-extension
jupyter labextension disable @jupyterlab/help-extension

Hardening

The patched versions include a toggle to disable the command linker functionality altogether, for example via overrides.json:

{
  "@jupyterlab/apputils-extension:sanitizer": {
    "allowCommandLinker": false
  }
}

Resources

Acknowledgments

Reported by Daniel Teixeira - NVIDIA AI Red Team

Severity

  • CVSS Score: 8.4 / 10 (High)
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request

CVE-2026-42266 / GHSA-37w4-hwhx-4rc4

More information

Details

The allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab prior to 4.5.7. The PyPI Extension Manager was not contained to packages listed on the default PyPI index.

This has security implications for deployments that:

  • have allow-listed specific extensions with the aim of preventing users from installing packages
  • have the kernel and terminals disabled or delegated to remote hosts (thus no access to install packages in the single-user server environment)
  • have multi-tenant deployments that are not configured for untrusted users (as documented on JupyterHub: https://jupyterhub.readthedocs.io/en/5.2.1/explanation/websecurity.html)
  • have the (default) PyPI Extension Manager enabled

Impact

An authenticated attacker - such as a student in a shared JupyterHub environment or a user in a multi-tenant JupyterLab deployment - can escalate their privileges. This might allow for data exfiltration, lateral movement within the network, and persistent compromise of the server infrastructure.

Patches

JupyterLab v4.5.7 contains the patch.

Users of applications that depend on JupyterLab, such as Notebook v7+, should update jupyterlab package too.

Workarounds

Switch to read-only extension manager by adding the following command line option:

--LabApp.extension_manager=readonly

or the following traitlet:

c.LabApp.extension_manager = 'readonly'

You can confirm that the read-only manager is in use from GUI:

[screenshot of the extension manager GUI]

Note: configuration of a PyPI proxy with allow-listed packages is not sufficient to protect from this vulnerability.

References

Severity

  • CVSS Score: 8.8 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content

CVE-2026-42557 / GHSA-mqcg-5x36-vfcg

More information

Details

JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all click events on document.body and executes the named command without checking whether the element came from trusted JupyterLab UI. A notebook with a pre-saved HTML cell output containing a deceptive button can trigger arbitrary JupyterLab commands - including arbitrary code execution - on a single user click, without any code being submitted for execution by the user.

Impact

An attacker who shares a notebook or a Markdown file - via email, GitHub, or a Binder link - can invoke an arbitrary command upon a single click by the victim. The button can be rendered inside the output area and be visually indistinguishable from a legitimate widget. No kernel needs to start; the HTML output is stored in the notebook file and displayed immediately on open.

Single-click impact

An attacker convincing the victim to click on a single button or link can:

  • execute arbitrary code in the available kernels,
  • delete files leading to information loss; in principle the loss could be unrecoverable, depending on server configuration and attack complexity,
  • open multiple kernels/terminals at once, or create multiple files at once, putting significant stress on the server and thus deny availability for other users when using standalone multi-tenant jupyter-server deployment, and to a lesser degree impact availability on JupyterHub deployments.

The arbitrary code execution will be immediately visible to the user and can be halted by timely user intervention. The deletion of files can be silent and go unnoticed for some time.

Multi-click attacks

An attacker who convinces the victim to click on multiple buttons in specific order and to grant access to clipboard (or in scenarios where the user already granted keyboard access) can obtain full access to the terminal and execute arbitrary commands in the environment with access scope that might exceed that of available kernels. Only users of Chromium-based browsers are susceptible to this expanded variant of the attack.

The execution of commands in the terminal would be immediately visible to the user.

Impact of third-party extensions

The impact described above assumes a plain JupyterLab/Notebook installation. In environments with frontend extensions that contribute additional commands the attack surface is increased by the functionality covered by these commands.

Patches

JupyterLab 4.5.7

Workarounds

No workarounds are available for end-users.

Downstream applications inheriting from JupyterFrontEnd or JupyterLab can effectively disable the CommandLinker by passing commandLinker: new CommandLinker({ commands: new CommandRegistry() }) option in the initialization options.

Hardening

The patched versions include a toggle to disable the command linker functionality altogether, for example via overrides.json:

{
  "@jupyterlab/apputils-extension:sanitizer": {
    "allowCommandLinker": false
  }
}

Resources

Severity

  • CVSS Score: 8.6 / 10 (High)
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Release Notes

jupyterlab/jupyterlab (jupyterlab)

v4.5.7

Compare Source

4.5.7

(Full Changelog)

Security patches
Bugs fixed
Maintenance and upkeep improvements
Documentation improvements
Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review.
See our definition of contributors.

(GitHub contributors page for this release)

@Carreau | @filipeoliveira05 | @flaviomartins | @itsmejay80 | @jtpio | @krassowski | @martinRenou | @MUFFANUJ | @utsav-develops

v4.5.6

Compare Source

4.5.6

(Full Changelog)

Bugs fixed
Maintenance and upkeep improvements
Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review.
See our definition of contributors.

(GitHub contributors page for this release)

@agriyakhetarpal | @IsabelParedes | @jtpio | @krassowski | @soniya-malviy | @tmetzl

v4.5.5

Compare Source

4.5.5

(Full Changelog)

Bugs fixed
Maintenance and upkeep improvements
Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review.
See our definition of contributors.

(GitHub contributors page for this release)

@apoorvdarshan | @bollwyvl | @itsmevichu | @jasongrout | @krassowski

v4.5.4

Compare Source

4.5.4

(Full Changelog)

Bugs fixed
Maintenance and upkeep improvements
Documentation improvements
Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review.
See our definition of contributors.

(GitHub contributors page for this release)

@brichet | @ceasermikes002 | @DeborahOlaboye | @itsmevichu | @jasongrout | @jtpio | @krassowski | @Krish-876

v4.5.3

Compare Source

4.5.3

(Full Changelog)

Bugs fixed
Maintenance and upkeep improvements
Documentation improvements
Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review.
See our definition of contributors.

(GitHub contributors page for this release)

@aaron-seq | @brichet | @IsabelParedes | @jimangel | @jtpio | @krassowski

v4.5.2

Compare Source

4.5.2

(Full Changelog)

Bugs fixed
Maintenance and upkeep improvements
Documentation improvements
Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review.
See our definition of contributors.

(GitHub contributors page for this release)

@brichet | @Darshan808 | @i-aki-y | @JamesWrigley | @jtpio | @krassowski | @Krish-876 | @MUFFANUJ | @pranshugupta01

v4.5.1

Compare Source

4.5.1

(Full Changelog)

Deprecated features
Enhancements made
Bugs fixed
Maintenance and upkeep improvements
Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review.
See our definition of contributors.

(GitHub contributors page for this release)

@Darshan808 | @FoSuCloud | @HaudinFlorence | @ianthomas23 | @jasongrout | @jtpio | @krassowski | @martinRenou | @meeseeksmachine | @Meriem-BenIsmail | @prajyot-porje | @xc2

v4.5.0

Compare Source

(Full Changelog)

New features added
Enhancements made

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
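The following Python script is an added example and is not part of the Renovate PR body or of JupyterLab project code. It puts two points from the advisories above into working form: a scanner that flags stored HTML outputs and Markdown cells carrying the data-commandlinker-command / data-commandlinker-args attributes described in GHSA-mqcg-5x36-vfcg and GHSA-rch3-82jr-f9w9, so notebooks received from outside can be triaged before anyone opens them in an unpatched JupyterLab, and a helper that merges the allowCommandLinker: false hardening setting into an existing overrides.json without dropping other plugin settings. The sample notebook is constructed for the example, and placeholder:command-id is a made-up command name, not a real JupyterLab command.

```python
"""Defender-side checks for the command-linker advisories (added example,
not JupyterLab project code).

1. scan_notebook(): report every element in stored text/html outputs or
   Markdown cell source that carries a data-commandlinker-* attribute.
2. harden_overrides(): apply the allowCommandLinker=false setting to an
   overrides.json document while keeping other settings intact.
"""
import json
from html.parser import HTMLParser

# Attribute names taken from the advisory text; the plugin id is the one
# shown in the advisory's overrides.json snippet.
COMMANDLINKER_ATTRS = ("data-commandlinker-command", "data-commandlinker-args")
SANITIZER_PLUGIN = "@jupyterlab/apputils-extension:sanitizer"


class _CommandLinkerFinder(HTMLParser):
    """Collect every start tag that carries a command-linker attribute."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases attribute names, so the comparison is exact.
        found = {name: value for name, value in attrs if name in COMMANDLINKER_ATTRS}
        if found:
            self.hits.append({"tag": tag, **found})


def find_commandlinker_elements(markup: str) -> list:
    """Return [{'tag': ..., 'data-commandlinker-command': ..., ...}, ...]."""
    parser = _CommandLinkerFinder()
    parser.feed(markup)
    parser.close()
    return parser.hits


def _as_text(value) -> str:
    # nbformat stores cell source and MIME data as a string or a list of lines.
    return "".join(value) if isinstance(value, list) else str(value)


def scan_notebook(nb: dict) -> list:
    """Walk a parsed .ipynb and return one finding per suspicious element,
    tagged with the cell index and whether it sat in Markdown or a stored output."""
    findings = []
    for idx, cell in enumerate(nb.get("cells", [])):
        if cell.get("cell_type") == "markdown":
            for hit in find_commandlinker_elements(_as_text(cell.get("source", ""))):
                findings.append({"cell": idx, "location": "markdown source", **hit})
        for out in cell.get("outputs", []):
            html = out.get("data", {}).get("text/html")
            if html is None:
                continue
            for hit in find_commandlinker_elements(_as_text(html)):
                findings.append({"cell": idx, "location": "stored output", **hit})
    return findings


def harden_overrides(overrides: dict) -> dict:
    """Return a copy of an overrides.json document with the command linker
    disabled, leaving every other plugin's settings untouched."""
    hardened = json.loads(json.dumps(overrides))  # deep copy of plain JSON
    hardened.setdefault(SANITIZER_PLUGIN, {})["allowCommandLinker"] = False
    return hardened


def is_command_linker_disabled(overrides: dict) -> bool:
    return overrides.get(SANITIZER_PLUGIN, {}).get("allowCommandLinker") is False


# Constructed sample notebook: one harmless cell, one cell whose stored HTML
# output carries the attributes (placeholder command id), one plain Markdown cell.
SAMPLE_NOTEBOOK = {
    "cells": [
        {"cell_type": "code", "source": ["print('hello')"],
         "outputs": [{"output_type": "stream", "name": "stdout", "text": "hello\n"}]},
        {"cell_type": "code", "source": [],
         "outputs": [{"output_type": "display_data", "data": {"text/html": [
             "<div><button data-commandlinker-command=\"placeholder:command-id\" ",
             "data-commandlinker-args='{\"k\": 1}'>Run</button></div>"]}}]},
        {"cell_type": "markdown", "source": "Plain *Markdown* with no HTML."},
    ]
}

if __name__ == "__main__":
    for finding in scan_notebook(SAMPLE_NOTEBOOK):
        print(finding)
    print(json.dumps(harden_overrides({"some:plugin": {"x": 1}}), indent=2))
```

To scan a file on disk, pass json.load(open(path)) to scan_notebook; any finding means the notebook should be treated as untrusted until someone has looked at the flagged cells. The scanner is deliberately narrow: it inspects only text/html outputs and Markdown source, which is where the advisories place the stored markup, so it is a triage aid on top of the upgrade to 4.5.7 and the overrides.json toggle, not a replacement for either.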

@renovate renovate Bot requested a review from a team as a code owner June 23, 2026 19:11
@vercel vercel Bot commented Jun 23, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project      | Deployment | Actions         | Updated (UTC)
-------------|------------|-----------------|---------------------
graph-sitter | Ignored    | Ignored Preview | Jun 24, 2026 2:06am


@renovate renovate Bot requested review from kopekC and removed request for a team June 23, 2026 19:11
@renovate renovate Bot enabled auto-merge (squash) June 23, 2026 19:11
@renovate renovate Bot force-pushed the renovate/pypi-jupyterlab-vulnerability branch from c0f0eb3 to 3b2363a Compare June 24, 2026 02:06
@renovate renovate Bot merged commit b32866b into develop Jun 24, 2026
7 checks passed
@renovate renovate Bot deleted the renovate/pypi-jupyterlab-vulnerability branch June 24, 2026 02:08