Security Advisories

CGA-phxw-qhp9-c3m7

Published

Last updated

https://images.chainguard.dev/security/CGA-phxw-qhp9-c3m7

Package

py3-jupyterhub

Latest Update

Fixed

Fixed Version

5.2.0-r0

Aliases

CVE-2024-38999
GHSA-x3m3-4wpv-5vgc

Severity

10.0

Critical

CVSS V3

Summary

jrburke requirejs vulnerable to prototype pollution

Description

jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-38999
https://github.com/advisories/GHSA-x3m3-4wpv-5vgc
https://github.com/requirejs/r.js/issues/1015
https://github.com/requirejs/requirejs/issues/1854
https://github.com/requirejs/requirejs/pull/1856/commits/ebd7a2ff71473542fa132d0d15c10fb4ed1539e1
https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a
https://github.com/requirejs/r.js
https://security.snyk.io/vuln/SNYK-JS-REQUIREJS-5416713

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-phxw-qhp9-c3m7

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources