Security update for extensions authors using GitHub Actions (CVE-2024-39700)

krassowski · July 16, 2024, 9:37am

For attention of extension authors using extensions seeded from template/cookiecutter-ts in a public GitHub repository - a potential RCE vulnerability in galata update workflow was identified (CVE-2024-39700) and we recommend upgrading to the latest version of the template. For details please see:

Remote Code Execution vulnerability in `update-integration-tests` GitHub Action workflow · Advisory · jupyterlab/extension-cookiecutter-ts · GitHub
Remote Code Execution vulnerability in `update-integration-tests` GitHub Action workflow · Advisory · jupyterlab/extension-template · GitHub

Topic		Replies	Views
[ANN] Security releases: JupyterHub 4.1.6, 5.1.0 JupyterHub announcement , release , security	1	98	August 8, 2024
Extension templates and TLJH extensions jupyterhub	1	515	June 14, 2023
[ANN] Critical security fix in jupyter-server-proxy JupyterHub announcement , security	0	142	June 11, 2024
Unable to distribute prebuilt extension via PyPI extensions	6	742	June 23, 2021
Cannot run a development install using theme-cookiecutter JupyterLab how-to	2	1718	February 4, 2020

Security update for extensions authors using GitHub Actions (CVE-2024-39700)

Related topics