CVE-2020-36191
Published
CVSS v3: 4.5 MEDIUM
CVSS v2: 3.5 LOW
Affected: 1 project
Description
JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).