Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-436q-jwfr-rm2h | jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories |
Fri, 10 Jul 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Fri, 10 Jul 2026 09:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Jupyter
Jupyter jupyterlab |
|
| Vendors & Products |
Jupyter
Jupyter jupyterlab |
Thu, 09 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.fnmatchcase() in GitHandler.prepare() in jupyterlab_git/handlers.py to enforce excluded_paths, allowing an authenticated user on a case-insensitive filesystem to vary URL path casing and read excluded directories. This issue is fixed in version 0.54.0. | |
| Title | jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories | |
| Weaknesses | CWE-178 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-09T13:04:34.325Z
Reserved: 2026-06-15T18:40:01.651Z
Link: CVE-2026-54528
Updated: 2026-07-09T13:04:21.208Z
No data.
OpenCVE Enrichment
Updated: 2026-07-10T20:00:16Z
Github GHSA