CVE-2020-36191 – JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, a …

Vuln ID: CVE-2020-36191

Published:  2021-01-13  04:15:13Z

Description: JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).

Source: NVD.NIST.GOV