chore: 🔨 Update dependency jupyterlab to v4.5.9 [SECURITY]#2107
Open
renovate[bot] wants to merge 1 commit into
Open
chore: 🔨 Update dependency jupyterlab to v4.5.9 [SECURITY]#2107renovate[bot] wants to merge 1 commit into
renovate[bot] wants to merge 1 commit into
Conversation
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #2107 +/- ##
=======================================
Coverage 97.70% 97.70%
=======================================
Files 63 63
Lines 6246 6246
=======================================
Hits 6102 6102
Misses 144 144
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
dc376ff to
0260236
Compare
0260236 to
7723d5e
Compare
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.



This PR contains the following updates:
4.5.6→4.5.9Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS
CVE-2026-40171 / GHSA-rch3-82jr-f9w9
More information
Details
Impact
A stored Cross-Site Scripting (XSS) vulnerability in Jupyter Notebook allows attackers to steal authentication tokens from users who open malicious notebook files and interact with elements that the attacker can make look indistinguishable from legitimate controls (single click interaction).
The vulnerability enables complete account takeover through the Jupyter REST API, allowing the attacker to:
Patches
Jupyter Notebook 7.5.6 and JupyterLab 4.5.7 include patches for this vulnerability.
Workarounds
The help extension can be disabled via CLI:
Hardening
The patched versions include a toggle to disable the command linker functionality altogether, for example via
overrides.json:{ "@​jupyterlab/apputils-extension:sanitizer": { "allowCommandLinker": false } }Resources
Acknowledgments
Reported by Daniel Teixeira - NVIDIA AI Red Team
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request
CVE-2026-42266 / GHSA-37w4-hwhx-4rc4
More information
Details
The allow-list of extensions that can be installed from PyPI Extension Manager (
allowed_extensions_uris) is not correctly enforced by JupyterLab prior to 4.5.7. The PyPI Extension Manager was not contained to packages listed on the default PyPI index.This has security implications for deployments that:
Impact
An authenticated attacker - such as a student in a shared JupyterHub environment or a user in a multi-tenant JupyterLab deployment - can escalate their privileges. This might allow for data exfiltration, lateral movement within the network, and persistent compromise of the server infrastructure.
Patches
JupyterLab
v4.5.7contains the patch.Users of applications that depend on JupyterLab, such as Notebook v7+, should update
jupyterlabpackage too.Workarounds
Switch to read-only extension manager by adding the following command line option:
or the following traitlet:
You can confirm that the read-only manager is in use from GUI:
Note: configuration of a PyPI proxy with allow-listed packages is not sufficient to protect from this vulnerability.
References
Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content
CVE-2026-42557 / GHSA-mqcg-5x36-vfcg
More information
Details
JupyterLab's HTML sanitizer allowlists
data-commandlinker-commandanddata-commandlinker-argsonbuttonelements, whileCommandLinkerlistens for all click events ondocument.bodyand executes the named command without checking whether the element came from trusted JupyterLab UI. A notebook with a pre-saved HTML cell output containing a deceptive button can trigger arbitrary JupyterLab commands - including arbitrary code execution - on a single user click, without any code being submitted for execution by the user.Impact
An attacker who shares a notebook or a Markdown file - via email, GitHub, or a Binder link - can invoke an arbitrary command upon a single click by the victim. The button can be rendered inside the output area and be visually indistinguishable from a legitimate widget. No kernel needs to start; the HTML output is stored in the notebook file and displayed immediately on open.
Single-click impact
An attacker convincing the victim to click on a single button or link can:
The arbitrary code execution will be immediately visible to the user; and can be halted by the timely user intervention. The deletion of files can be silent and go unnoticed for some time.
Multi-click attacks
An attacker who convinces the victim to click on multiple buttons in specific order and to grant access to clipboard (or in scenarios where the user already granted keyboard access) can obtain full access to the terminal and execute arbitrary commands in the environment with access scope that might exceed that of available kernels. Only users of Chromium-based browsers are susceptible to this expanded variant of the attack.
The execution of commands in the terminal would be immediately visible to the user.
Impact of third-party extensions
The impact described above assumes a plain JupyterLab/Notebook installation. In environments with frontend extensions that contribute additional commands the attack surface is increased by the functionality covered by these commands.
Patches
JupyterLab 4.5.7
Workarounds
No workarounds are available for end-users.
Downstream applications inheriting from
JupyterFrontEndorJupyterLabcan effectively disable theCommandLinkerby passingcommandLinker: new CommandLinker({ commands: new CommandRegistry() })option in the initialization options.Hardening
The patched versions include a toggle to disable the command linker functionality altogether, for example via
overrides.json:{ "@​jupyterlab/apputils-extension:sanitizer": { "allowCommandLinker": false } }Resources
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
JupyterLab: Stored XSS in extension manager through package metadata unsanitized URI protocol
GHSA-vmhf-c436-hxj4
More information
Details
A malicious PyPI package can place a
javascript:URL in its[project.urls]metadata. JupyterLab's Extension Manager renders this as the extension's home-page link without validating the protocol, so a user who clicks the extension name executes attacker-controlled JavaScript in the JupyterLab origin.Details
One of the PyPI package's URL (jupyterlab/extensions/pypi.py) is copied straight into the
homepage_urlrendered by the frontend in packages/extensionmanager/src/widget.tsx#L77-L88.Impact
An attacker needs to publish a package to PyPI (no access to the target). When the package appears in a victim's extension manager list and the victim clicks the extension name, the payload runs in the JupyterLab origin.
Preconditions: Extension Manager enabled with the default PyPI source, the malicious package appears in the victim's list/search results.
Patches
Patched in 4.5.9, commits 4e61e07 and d5d961f
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Release Notes
jupyterlab/jupyterlab (jupyterlab)
v4.5.9Compare Source
4.5.9
(Full Changelog)
Bugs fixed
jupyter labextension buildcrash onwebpack ≥ 5.107#19021 (@Darshan808, @krassowski)homepage_url#19003 (@Yann-P)Contributors to this release
The following people contributed discussions, new ideas, code and documentation contributions, and review.
See our definition of contributors.
(GitHub contributors page for this release)
@arun-357 (activity) | @Darshan808 (activity) | @krassowski (activity) | @MUFFANUJ (activity) | @Yann-P (activity)
v4.5.8Compare Source
4.5.8
(Full Changelog)
Bugs fixed
getValue()throws #18938 (@AliMahmoudDev)packagingmin version pin #18910 (@krassowski)anchorfor prompt overlay #18840 (@CrafterKolyan)Maintenance and upkeep improvements
Contributors to this release
The following people contributed discussions, new ideas, code and documentation contributions, and review.
See our definition of contributors.
(GitHub contributors page for this release)
@AliMahmoudDev (activity) | @CrafterKolyan (activity) | @Darshan808 (activity) | @krassowski (activity)
v4.5.7Compare Source
4.5.7
(Full Changelog)
Security patches
Bugs fixed
Maintenance and upkeep improvements
4.5.xbranch #18817 (@krassowski).jp-VariableRenderer-TrustButtonCSS rule #18762 (@Carreau).jp-Cell-PlaceholderCSS rules #18761 (@Carreau)Documentation improvements
Contributors to this release
The following people contributed discussions, new ideas, code and documentation contributions, and review.
See our definition of contributors.
(GitHub contributors page for this release)
@Carreau (activity) | @filipeoliveira05 (activity) | @flaviomartins (activity) | @itsmejay80 (activity) | @jtpio (activity) | @krassowski (activity) | @martinRenou (activity) | @MUFFANUJ (activity) | @utsav-develops (activity)
Configuration
📅 Schedule: (in timezone America/New_York)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.