CVEFinder.io

CVE-2024-39700

⛔ critical

Description

JupyterLab extension template is a `copier` template for JupyterLab extensions. Repositories created using this template with the `test` option include the `update-integration-tests.yml` workflow, which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to the latest version. Users who made changes to `update-integration-tests.yml` should accept overwriting of this file and re-apply their changes later. Users may wish to temporarily disable GitHub Actions while working on the upgrade. We recommend rebasing all open pull requests from untrusted users, as actions may run using the version from the `main` branch at the time when the pull request was created. Users who are upgrading from a template version prior to 4.3.0 may wish to leave out the proposed changes to the release workflow for now, as it requires additional configuration.

CVSS Score: 9.9 (Critical)
EPSS Score: 3.9 (Exploit Probability)
Published Date: 2024-07-16
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Extremely High Risk - more severe than 98.1% of all 328,009 vulnerabilities in our database.

Severity Percentile: #6,238 (Top 5% most severe)
🎯 CISA SSVC Assessment (Updated: Jul 29, 2024)

Exploitation Status: None (No known exploits)
Automatable: NO (Requires human interaction)
Technical Impact: Total (Complete system compromise possible)
SSVC data provided by CISA

Last Modified: 2025-09-04
Source: NVD
CVSS Vector (3.1): CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
🔗 Related CVEs (6)

These CVEs affect the same products.

| CVE ID | Severity | CVSS | EPSS | Summary | Published |
|---|---|---|---|---|---|
| CVE-2026-42266 | ⚠️ high | 8.8 | 0.0 | JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Archit... | 2026-05-13 |
| CVE-2026-42557 | ⛔ critical | 9.6 | 0.1 | jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Archit... | 2026-05-13 |
| CVE-2025-59842 | 🔶 medium | 4.3 | 0.1 | jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Archit... | 2025-09-26 |
| CVE-2024-43805 | ⚠️ high | 7.6 | 0.4 | jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Archit... | 2024-08-28 |
| CVE-2024-22420 | 🔶 medium | 6.5 | 0.5 | JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Ar... | 2024-01-19 |
| CVE-2024-22421 | ⚠️ high | 7.6 | 0.1 | JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Ar... | 2024-01-19 |