Description

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to version 4.4.8, links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the noopener attribute. This is deemed to have no impact on the default installations. Theoretically users of third-party LaTeX-rendering extensions could find themselves vulnerable to reverse tabnabbing attacks if links generated by those extensions included target=_blank (no such extensions are known at time of writing) and they were to click on a link generated in LaTeX (typically visibly different from other links). This issue has been patched in version 4.4.8.

INFO

Published Date :

2025-09-26T15:53:37.253Z

Last Modified :

2025-09-26T17:52:42.227Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-59842 vulnerability.

Vendors Products
Jupyter
  • Jupyterlab
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-59842.

URL Resource
https://github.com/jupyterlab/jupyterlab/commit/88ef373039a8cc09f27d3814382a512d9033675c cve-icon cve-icon cve-icon
https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-vvfj-2jqx-52jm cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-59842 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-59842 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact