[Git][security-tracker-team/security-tracker][master] Add CVE-2026-6657/jupyter-server
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 3 21:13:26 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c3e43a77 by Salvatore Bonaccorso at 2026-06-03T22:12:36+02:00
Add CVE-2026-6657/jupyter-server
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15,7 +15,8 @@ CVE-2026-8874 (Version 3.0.7 of the Securly Chrome Extension downloads JSON file
CVE-2026-7888 (Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via uns ...)
NOT-FOR-US: Concrete CMS
CVE-2026-6657 (A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allow ...)
- TODO: check
+ - jupyter-server <unfixed>
+ NOTE: https://huntr.com/bounties/18f642db-3569-43b3-b58d-ff97be4b09d7
CVE-2026-5241 (A vulnerability in the LightGlue model loading path of huggingface/tra ...)
NOT-FOR-US: huggingface/transformers
CVE-2026-5078 (Impact: The morgan logging middleware's :remote-user token extracts th ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3e43a774a1d767360b8a3b945a5c478726c4cd0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3e43a774a1d767360b8a3b945a5c478726c4cd0
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260603/28e8a2b1/attachment.htm>
More information about the debian-security-tracker-commits
mailing list