NVD

Vulnerability Change Records for CVE-2024-22415

Action	Type	New Value
Added	CVSS V3.1	GitHub, Inc. AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Added	CWE	GitHub, Inc. CWE-23
Added	CWE	GitHub, Inc. CWE-284
Added	CWE	GitHub, Inc. CWE-306
Added	Description	jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control (on the operating system level), and with jupyter-server instances exposed to non-trusted network are vulnerable to unauthorised access and modification of file system beyond the jupyter root directory. This issue has been patched in version 2.2.2 and all users are advised to upgrade. Users unable to upgrade should uninstall jupyter-lsp.
Added	Reference	GitHub, Inc. https://github.com/jupyter-lsp/jupyterlab-lsp/commit/4ad12f204ad0b85580fc32137c647baaff044e95 [No types assigned]
Added	Reference	GitHub, Inc. https://github.com/jupyter-lsp/jupyterlab-lsp/security/advisories/GHSA-4qhp-652w-c22x [No types assigned]