Wednesday, January 13, 2021
CVE-2020-36191
nist.gov
In: nist.gov
JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account). CVE-2020-36191