CVE-2021-41247

incomplete logout in JupyterHub

Description

JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials (for the single-user server only, not the Hub) reinstated after logout, if another active JupyterLab session is open while the logout takes place. Upgrade to JupyterHub 1.5. For distributed deployments, it is jupyterhub in the _user_ environment that needs patching. There are no patches necessary in the Hub environment. The only workaround is to make sure that only one JupyterLab tab is open when you log out.

Category

3.5
CVSS
Severity: Low
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.21%
Third-Party Advisory github.com Third-Party Advisory github.com
Affected: jupyterhub jupyterhub
Published at:
Updated at:

References

Link Tags
https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7 third party advisory
https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27 third party advisory patch

Frequently Asked Questions

What is the severity of CVE-2021-41247?
CVE-2021-41247 has been scored as a low severity vulnerability.
How to fix CVE-2021-41247?
To fix CVE-2021-41247, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-41247 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-41247 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-41247?
CVE-2021-41247 affects jupyterhub jupyterhub.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.