CVE-2026-54528
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
08/07/2026
Last modified:
10/07/2026
Description
JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.fnmatchcase() in GitHandler.prepare() in jupyterlab_git/handlers.py to enforce excluded_paths, allowing an authenticated user on a case-insensitive filesystem to vary URL path casing and read excluded directories. This issue is fixed in version 0.54.0.
Impact
Base Score 3.x
7.10
Severity 3.x
HIGH
References to Advisories, Solutions, and Tools
- https://github.com/jupyterlab/jupyterlab-git/commit/460035275b5963dc96e364e60ba6a73717fbd033
- https://github.com/jupyterlab/jupyterlab-git/releases/tag/v0.54.0
- https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-436q-jwfr-rm2h
- https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-436q-jwfr-rm2h



