1  info:
 2    name: jupyter-server
 3    cve: CVE-2023-49080
 4    summary: jupyter-server 错误包含带有路径信息的回溯
 5    details: API 请求中的未处理错误包含回溯信息，其中可能包括路径信息。目前没有已知的机制可以在未经身份验证的情况下触发这些错误，因此鉴于请求用户在同一环境中已经具有任意执行权限，泄露的路径不被认为是特别敏感的。
 6    cvss: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
 7    severity: MEDIUM
 8    security_advise: 升级到 jupyter-server >= "2.11.2" 版本以解决此问题。
 9  rule: version > "0" && version < "2.11.2"
10  references:
11   - https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-h56g-gq9v-vc8r
12   - https://nvd.nist.gov/vuln/detail/CVE-2023-49080
13   - https://github.com/jupyter-server/jupyter_server/commit/0056c3aa52cbb28b263a7a609ae5f17618b36652
14   - https://github.com/jupyter-server/jupyter_server
15   - https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2023-272.yaml
16   - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62LO7PPIAMLIDEKUOORXLHKLGA6QPL77
17   - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG2JWZI5KPUYMDPS53AIFTZJWZD3IT6I