Jupyter Server CORS Origin Validation Bypass via re.match() and Fix

Vulnerability Overview Vulnerability Name: CWE-346: CORS Origin Validation Bypass via in in Vulnerability Description: Jupyter Server uses to validate the header against the configuration. Since anchors only at the beginning of the string, an attacker can bypass validation by controlling the domain (e.g., ) to match a pattern that only trusts . This affects all 5 locations involving CORS, WebSocket, referer, and login redirection. Scope Affected Versions: v1.12.0 to v2.17.0 Severity: Medium (6.1) Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Impact: Changes Confidentiality: Low Integrity: Low Availability: None Remediation Recommended Fix: Replace with in all 5 locations. has been available since Python 3.4, and Jupyter Server requires Python 3.8+. Fix Code: POC Code Step 1: Start Jupyter Server and configure . Step 2: Verify that legitimate origins are accepted (expected behavior). Step 3: Demonstrate bypass - attacker-controlled domain extension matches the pattern. Step 4: 5 vulnerable code locations. PoC Attack 1: Redirect to attacker domain after login (no cookies required). PoC Attack 2: Cross-origin API access and WebSocket kernel hijacking. Environment jupyter_server: v2.17.0 (latest, also verified HEAD main branch source code) Python: 3.13 Affected Versions: v1.12.0 to v2.17.0 (introduced via commit 3ecb4e01 / PR #603 for handlers.py and 884b72e7 / PR #1047 for websocket.py in git history) Impact When is configured, an attacker can: Redirect to attacker domain after login: in allows redirection to an attacker domain for authentication. No cookie or session requirement—direct phishing vector. Hijack kernel WebSocket connections: in uses the same vulnerable check. In deployments with cross-origin cookies, kernel WebSocket connections allow the attacker to execute arbitrary code in the victim's kernel. Read API responses across origins: File contents, kernel lists, session data. The header is set to the attacker's origin, making the response readable via in . The WebSocket origin check ( ) also passes. Bypass XSS protections: in is defeated. Previous advice (GHSAs-64x5-55w-9974) fixed XSS via referer verification, but this fix relied on matching, which itself is compromised by . Scope Limitations This requires the configuration of . The default value is an empty string (the vulnerable code path is not touched). However, is the documented method for enabling specific cross-origin access, and users expect exact string matching. Inconsistency Note The codebase correctly uses in for URL-to-resource matching, but this was never applied to origin validation. Occurrence References PR #603 https://docs.python.org/3/library/re.html#re.fullmatch https://docs.python.org/3/library/re.html#re.match https://github.com/advisories/GHSA-64x5-55w-9974

Goal Reached Thanks to every supporter — we hit 100%!

Jupyter Server CORS Origin Validation Bypass via re.match() and Fix

More from this source