GHSA-vvfj-2jqx-52jm · 深刻度: low · エコシステム: pip — JupyterLab LaTeX typesetter links did not enforce `noopener` attribute
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to version 4.4.8, links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the noopener attribute. This is deemed to have no impact on the default installations. Theoretically users of third-party LaTeX-rendering extensions could find themselves vulnerable to reverse tabnabbing attacks if links generated by those extensions included target=_blank (no such extensions are known at time of writing) and they were to click on a link generated in LaTeX (typically visibly different from other links). This issue has been patched in version 4.4.8.
総合評価: CVE-2025-59842 は低リスク(12.3/100)。CVSS 深刻度は低。悪用される可能性が高い(EPSS 0.21%、11 パーセンタイル) 推奨対応: 総合リスクは低く緊急対応は不要です。通常の保守サイクルでパッチを適用し、CVSS / EPSS が上昇したら優先度を見直してください。
リスクは変動します。再評価に基づき、本ページの表示内容を更新しています。
EPSS は日次で悪用されやすさの相対度合いを推定します。パーセンタイルは採点済み CVE の中での相対位置(高いほど相対的に深刻)を示します。
| # | 日付 | 旧 EPSS スコア | 新 EPSS スコア | Δ(新 − 旧) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.03% | 0.21% | +0.18% |
| 2 | 2026-02-22 | 0.05% | 0.03% | -0.02% |
| 3 | 2026-01-26 | — | 0.05% | — |
EPSS の全履歴 (全 6 件)
この CVE の CVSS 指標。
| ベーススコア | バージョン | 深刻度 | ベクトル | 悪用しやすさ | 影響 | スコアの出典 |
|---|---|---|---|---|---|---|
| 2.1 | 4.0 | LOW |
|
— | — | [email protected] |
| 4.3 | 3.1 | MEDIUM |
|
2.8 | 1.4 | [email protected] |
GHSA-vvfj-2jqx-52jm · 深刻度: low · エコシステム: pip — JupyterLab LaTeX typesetter links did not enforce `noopener` attribute
| vendor | priority | summary | link |
|---|---|---|---|
alpine
|
— | CVE-2025-59842: 1 source package rows (jupyterlab); 4 state rows across 1 repos (edge-community); fixed 0, open 4. | https://security.alpinelinux.org/vuln/CVE-2025-59842 |
debian
|
not yet assigned | CVE-2025-59842 not yet assigned priority: Debian including 1 source packages (jupyterlab), 3 status rows across 3 suites (forky, sid, trixie): open 3. | https://security-tracker.debian.org/tracker/CVE-2025-59842 |
redhat
|
low | — | https://access.redhat.com/security/cve/CVE-2025-59842 |
ubuntu
|
medium | CVE-2025-59842 medium priority: Ubuntu including 1 source packages (jupyterlab), 5 status rows across 5 suites (jammy, noble, plucky, questing, upstream): DNE 2, needs-triage 2, ignored 1. | https://ubuntu.com/security/CVE-2025-59842 |
| ベンダー | 製品 | バージョン | 生の CPE |
|---|---|---|---|
| jupyter | jupyterlab | < 4.4.8 | cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:* |