PyPI: jupyterlab

CVE-2024-22421

Safety vulnerability ID: SFTY-20240119-43204

Safety legacy ID: pyup.io-64588

CVE-2024-22421 is a vulnerability in Jupyter Notebook where clicking a malicious link could expose Authorization and XSRFToken tokens to third parties in older jupyter-server versions. Patched versions include JupyterLab 4.1.0b2, 4.0.11, and 3.6.7. Users are advised to upgrade jupyter-server to version 2.7.2 or newer, which includes a fix for a redirect vulnerability. No other workaround has been identified. https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-44cc-43rp-5947

PythonPyPINVDNVDGitHubGHSA
Created at: May 22, 2026Updated at: May 22, 2026

Overview

JupyterLab vulnerable to potential authentication and CSRF tokens leak

Advisory

CVE-2024-22421 is a vulnerability in Jupyter Notebook where clicking a malicious link could expose Authorization and XSRFToken tokens to third parties in older jupyter-server versions. Patched versions include JupyterLab 4.1.0b2, 4.0.11, and 3.6.7. Users are advised to upgrade jupyter-server to version 2.7.2 or newer, which includes a fix for a redirect vulnerability. No other workaround has been identified. https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-44cc-43rp-5947

Affected Package

Affecting jupyterlab package, versions
>=4.0.0,<=4.0.10
<=3.6.6

Also affects

---

How to Fix

Upgrade
jupyterlab
to
4.0.11
3.6.7
or higher.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

Safety

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more