rpms / python-jupyter-server

Clone
Source Code
GIT

Files

f38 f39 f40 main rawhide
  1.   f38
  2.   CVE-2023-40170.patch
Blob Blame History Raw 
From 87a4927272819f0b1cae1afa4c8c86ee2da002fd Mon Sep 17 00:00:00 2001
From: Min RK <benjaminrk@gmail.com>
Date: Fri, 18 Aug 2023 05:27:05 +0200
Subject: [PATCH] Merge pull request from GHSA-64x5-55rw-9974

lost in forward-port PR 478

Co-authored-by: Zachary Sailer <zsailer@apple.com>
---
 jupyter_server/base/handlers.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/jupyter_server/base/handlers.py b/jupyter_server/base/handlers.py
index dfeb73ea8..d77a787aa 100644
--- a/jupyter_server/base/handlers.py
+++ b/jupyter_server/base/handlers.py
@@ -855,6 +855,7 @@ def head(self, path):
     @authorized
     def get(self, path, **kwargs):
         """Get a file by path."""
+        self.check_xsrf_cookie()
         if os.path.splitext(path)[1] == ".ipynb" or self.get_argument("download", None):
             name = path.rsplit("/", 1)[-1]
             self.set_attachment_header(name)
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.