cvelistv5 - cve-2025-30370

CVE-2025-30370 (GCVE-0-2025-30370)

Vulnerability from cvelistv5 – Published: 2025-04-03 22:00 – Updated: 2025-04-04 18:54

Summary

jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $(<command>). These directory names are allowed in macOS and a majority of Linux distributions. If a user starts jupyter-lab in a parent directory of this inappropriately-named Git repository, opens it, and clicks "Git > Open Git Repository in Terminal" from the menu bar, then the injected command <command> is run in the user's shell without the user's permission. This issue is occurring because when that menu entry is clicked, jupyterlab-git opens the terminal and runs cd <git-repo-path> through the shell to set the current directory. Doing so runs any command substitution strings present in the directory name, which leads to the command injection issue described here. A previous patch provided an incomplete fix. This vulnerability is fixed in 0.51.1.

Severity ?

7.4 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/jupyterlab/jupyterlab-git/secu…	x_refsource_CONFIRM
	https://github.com/jupyterlab/jupyterlab-git/pull/1196	x_refsource_MISC
	https://github.com/jupyterlab/jupyterlab-git/comm…	x_refsource_MISC
	https://github.com/jupyterlab/jupyterlab-git/blob…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	jupyterlab	jupyterlab-git	Affected: < 0.51.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30370",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-04T18:35:51.588736Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-04T18:54:20.953Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-cj5w-8mjf-r5f8"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jupyterlab-git",
          "vendor": "jupyterlab",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.51.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $(\u003ccommand\u003e). These directory names are allowed in macOS and a majority of Linux distributions. If a user starts jupyter-lab in a parent directory of this inappropriately-named Git repository, opens it, and clicks \"Git \u003e Open Git Repository in Terminal\" from the menu bar, then the injected command \u003ccommand\u003e is run in the user\u0027s shell without the user\u0027s permission. This issue is occurring because when that menu entry is clicked, jupyterlab-git opens the terminal and runs cd \u003cgit-repo-path\u003e through the shell to set the current directory. Doing so runs any command substitution strings present in the directory name, which leads to the command injection issue described here. A previous patch provided an incomplete fix. This vulnerability is fixed in 0.51.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-03T22:00:44.476Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-cj5w-8mjf-r5f8",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-cj5w-8mjf-r5f8"
        },
        {
          "name": "https://github.com/jupyterlab/jupyterlab-git/pull/1196",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/jupyterlab/jupyterlab-git/pull/1196"
        },
        {
          "name": "https://github.com/jupyterlab/jupyterlab-git/commit/b46482993f76d3a546015c6a94ebed8b77fc2376",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/jupyterlab/jupyterlab-git/commit/b46482993f76d3a546015c6a94ebed8b77fc2376"
        },
        {
          "name": "https://github.com/jupyterlab/jupyterlab-git/blob/7eb3b06f0092223bd5494688ec264527bbeb2195/src/commandsAndMenu.tsx#L175-L184",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/jupyterlab/jupyterlab-git/blob/7eb3b06f0092223bd5494688ec264527bbeb2195/src/commandsAndMenu.tsx#L175-L184"
        }
      ],
      "source": {
        "advisory": "GHSA-cj5w-8mjf-r5f8",
        "discovery": "UNKNOWN"
      },
      "title": "jupyterlab-git has a command injection vulnerability in \"Open Git Repository in Terminal\""
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-30370",
    "datePublished": "2025-04-03T22:00:44.476Z",
    "dateReserved": "2025-03-21T14:12:06.272Z",
    "dateUpdated": "2025-04-04T18:54:20.953Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-30370\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-04-03T22:15:21.190\",\"lastModified\":\"2025-04-07T14:18:34.453\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $(\u003ccommand\u003e). These directory names are allowed in macOS and a majority of Linux distributions. If a user starts jupyter-lab in a parent directory of this inappropriately-named Git repository, opens it, and clicks \\\"Git \u003e Open Git Repository in Terminal\\\" from the menu bar, then the injected command \u003ccommand\u003e is run in the user\u0027s shell without the user\u0027s permission. This issue is occurring because when that menu entry is clicked, jupyterlab-git opens the terminal and runs cd \u003cgit-repo-path\u003e through the shell to set the current directory. Doing so runs any command substitution strings present in the directory name, which leads to the command injection issue described here. A previous patch provided an incomplete fix. This vulnerability is fixed in 0.51.1.\"},{\"lang\":\"es\",\"value\":\"jupyterlab-git es una extensi\u00f3n de JupyterLab para el control de versiones mediante Git. En muchas plataformas, un tercero puede crear un repositorio Git con un nombre que incluya una cadena de sustituci\u00f3n de comandos de shell en la sintaxis $(). Estos nombres de directorio est\u00e1n permitidos en macOS y la mayor\u00eda de las distribuciones de Linux. Si un usuario inicia jupyter-lab en un directorio principal de este repositorio Git con un nombre inapropiado, lo abre y hace clic en \\\"Git \u0026gt; Abrir repositorio Git en la terminal\\\" en la barra de men\u00fa, el comando inyectado  se ejecuta en la shell del usuario sin su permiso. Este problema se produce porque, al hacer clic en esa entrada del men\u00fa, jupyterlab-git abre la terminal y ejecuta cd  en la shell para establecer el directorio actual. Al hacerlo, se ejecuta cualquier cadena de sustituci\u00f3n de comandos presente en el nombre del directorio, lo que provoca el problema de inyecci\u00f3n de comandos descrito aqu\u00ed. Un parche anterior proporcion\u00f3 una soluci\u00f3n incompleta. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 0.51.1. \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:H\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"references\":[{\"url\":\"https://github.com/jupyterlab/jupyterlab-git/blob/7eb3b06f0092223bd5494688ec264527bbeb2195/src/commandsAndMenu.tsx#L175-L184\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/jupyterlab/jupyterlab-git/commit/b46482993f76d3a546015c6a94ebed8b77fc2376\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/jupyterlab/jupyterlab-git/pull/1196\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-cj5w-8mjf-r5f8\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-cj5w-8mjf-r5f8\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-30370\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-04T18:35:51.588736Z\"}}}], \"references\": [{\"url\": \"https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-cj5w-8mjf-r5f8\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-04T18:54:11.372Z\"}}], \"cna\": {\"title\": \"jupyterlab-git has a command injection vulnerability in \\\"Open Git Repository in Terminal\\\"\", \"source\": {\"advisory\": \"GHSA-cj5w-8mjf-r5f8\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"jupyterlab\", \"product\": \"jupyterlab-git\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.51.1\"}]}], \"references\": [{\"url\": \"https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-cj5w-8mjf-r5f8\", \"name\": \"https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-cj5w-8mjf-r5f8\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/jupyterlab/jupyterlab-git/pull/1196\", \"name\": \"https://github.com/jupyterlab/jupyterlab-git/pull/1196\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/jupyterlab/jupyterlab-git/commit/b46482993f76d3a546015c6a94ebed8b77fc2376\", \"name\": \"https://github.com/jupyterlab/jupyterlab-git/commit/b46482993f76d3a546015c6a94ebed8b77fc2376\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/jupyterlab/jupyterlab-git/blob/7eb3b06f0092223bd5494688ec264527bbeb2195/src/commandsAndMenu.tsx#L175-L184\", \"name\": \"https://github.com/jupyterlab/jupyterlab-git/blob/7eb3b06f0092223bd5494688ec264527bbeb2195/src/commandsAndMenu.tsx#L175-L184\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $(\u003ccommand\u003e). These directory names are allowed in macOS and a majority of Linux distributions. If a user starts jupyter-lab in a parent directory of this inappropriately-named Git repository, opens it, and clicks \\\"Git \u003e Open Git Repository in Terminal\\\" from the menu bar, then the injected command \u003ccommand\u003e is run in the user\u0027s shell without the user\u0027s permission. This issue is occurring because when that menu entry is clicked, jupyterlab-git opens the terminal and runs cd \u003cgit-repo-path\u003e through the shell to set the current directory. Doing so runs any command substitution strings present in the directory name, which leads to the command injection issue described here. A previous patch provided an incomplete fix. This vulnerability is fixed in 0.51.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-04-03T22:00:44.476Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-30370\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-04T18:54:20.953Z\", \"dateReserved\": \"2025-03-21T14:12:06.272Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-04-03T22:00:44.476Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-CJ5W-8MJF-R5F8

Vulnerability from github – Published: 2025-04-04 14:05 – Updated: 2025-04-04 14:05

Summary

jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"

Details

Overview

On many platforms, a third party can create a Git repository under a name that includes a shell command substitution ^1 string in the syntax $(<command>). These directory names are allowed in macOS and a majority of Linux distributions ^2. If a user starts jupyter-lab in a parent directory of this inappropriately-named Git repository, opens it, and clicks "Git > Open Git Repository in Terminal" from the menu bar, then the injected command <command> is run in the user's shell without the user's permission.

This issue is occurring because when that menu entry is clicked, jupyterlab-git opens the terminal and runs cd <git-repo-path> through the shell to set the current directory ^3. Doing so runs any command substitution strings present in the directory name, which leads to the command injection issue described here. A previous patch provided an incomplete fix ^4.

Scope of Impact

This issue allows for arbitrary code execution via command injection. A wide range of actions are permitted by this issue, including but not limited to: modifying files, exfiltrating data, halting services, or compromising the server's security rules.

We have scanned the source code of jupyterlab-git for other command injection risks, and have not found any at the time of writing.

This issue was reproduced on the latest release of jupyterlab-git, v0.51.0. The steps taken to reproduce this issue are described in the "Proof-of-concept" section below.

Proof-of-concept

Create a new directory via mkdir test/ && cd test/.
Create a new Git repository under test/ with a command substitution string in the directory name by running these commands:

mkdir '$(touch pwned.txt)'
cd '$(touch pwned.txt)/'
git init
cd ..

Start JupyterLab from test/ by running jupyter lab.
With JupyterLab open in the browser, double click on $(touch pwned.txt) in the file browser.
From the top menu bar, click "Git > Open Git Repository in Terminal".
Verify that pwned.txt is created under test/. This demonstrates the command injection issue described here.

Proof-of-concept mitigation

The issue can be mitigated by the patch shown below.

Patch (click to expand)

diff --git a/src/commandsAndMenu.tsx b/src/commandsAndMenu.tsx
index 3779a6c..71ddcea 100644
--- a/src/commandsAndMenu.tsx
+++ b/src/commandsAndMenu.tsx
@@ -164,31 +164,13 @@ export function addCommands(
     label: trans.__('Open Git Repository in Terminal'),
     caption: trans.__('Open a New Terminal to the Git Repository'),
     execute: async args => {
-      const main = (await commands.execute(
-        'terminal:create-new',
-        args
-      )) as MainAreaWidget<ITerminal.ITerminal>;
+      const cwd = gitModel.pathRepository;
+      const main = (await commands.execute('terminal:create-new', {
+        ...args,
+        cwd
+      })) as MainAreaWidget<ITerminal.ITerminal>;

-      try {
-        if (gitModel.pathRepository !== null) {
-          const terminal = main.content;
-          terminal.session.send({
-            type: 'stdin',
-            content: [
-              `cd "${gitModel.pathRepository
-                .split('"')
-                .join('\\"')
-                .split('`')
-                .join('\\`')}"\n`
-            ]
-          });
-        }
-
-        return main;
-      } catch (e) {
-        console.error(e);
-        main.dispose();
-      }
+      return main;

This patch removes the cd <git-repo-path> shell command that causes the issue. To preserve the existing behavior, the cwd argument is set to <git-repo-path> when a terminal session is created via the terminal:create-new JupyterLab command. This preserves the existing application behavior while mitigating the command injection issue.

We have verified that this patch works when applied to a local installation of jupyterlab-git. We have also verified that the cwd argument is available in all versions of JupyterLab 4, so this patch should be fully backwards-compatible.

Workarounds

We recommend that users upgrade to the patched versions listed on this GHSA. However, if a user is unable to upgrade, there are 3 different ways to mitigate this vulnerability without upgrading to a patch.

Disable terminals on jupyter-server level: c.ServerApp.terminals_enabled = False
Disable the terminals server extension: jupyter server extension disable jupyter_server_terminals
Disable the lab extension: jupyter labextension disable @jupyterlab/terminal-extension

Severity ?

7.4 (High)


                  
                    CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "jupyterlab-git"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.51.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-30370"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-04T14:05:42Z",
    "nvd_published_at": "2025-04-03T22:15:21Z",
    "severity": "HIGH"
  },
  "details": "## Overview\n\nOn many platforms, a third party can create a Git repository under a name that includes a shell command substitution [^1] string in the syntax `$(\u003ccommand\u003e)`. These directory names are allowed in macOS and a majority of Linux distributions [^2]. If a user starts `jupyter-lab` in a parent directory of this inappropriately-named Git repository, opens it, and clicks \"Git \u003e Open Git Repository in Terminal\" from the menu bar, then the injected command `\u003ccommand\u003e` is run in the user\u0027s shell without the user\u0027s permission.\n\nThis issue is occurring because when that menu entry is clicked, `jupyterlab-git` opens the terminal and runs `cd \u003cgit-repo-path\u003e` through the shell to set the current directory [^3]. Doing so runs any command substitution strings present in the directory name, which leads to the command injection issue described here. A previous patch provided an incomplete fix [^4].\n\n[^1]: https://www.gnu.org/software/bash/manual/html_node/Command-Substitution.html\n[^2]: https://www.gnu.org/software/libc/manual/html_node/File-Name-Portability.html\n[^3]: https://github.com/jupyterlab/jupyterlab-git/blob/7eb3b06f0092223bd5494688ec264527bbeb2195/src/commandsAndMenu.tsx#L175-L184\n[^4]: https://github.com/jupyterlab/jupyterlab-git/pull/1196\n \n\n## Scope of Impact\n\nThis issue allows for arbitrary code execution via command injection. A wide range of actions are permitted by this issue, including but not limited to: modifying files, exfiltrating data, halting services, or compromising the server\u0027s security rules.\n\nWe have scanned the source code of `jupyterlab-git` for other command injection risks, and have not found any at the time of writing.\n\nThis issue was reproduced on the latest release of `jupyterlab-git`, v0.51.0. The steps taken to reproduce this issue are described in the \"Proof-of-concept\" section below.\n \n\n## Proof-of-concept\n\n1. Create a new directory via `mkdir test/ \u0026\u0026 cd test/`.\n\n2. Create a new Git repository under `test/` with a command substitution string in the directory name by running these commands:\n\n```\nmkdir \u0027$(touch pwned.txt)\u0027\ncd \u0027$(touch pwned.txt)/\u0027\ngit init\ncd ..\n```\n\n3. Start JupyterLab from `test/` by running jupyter lab.\n4. With JupyterLab open in the browser, double click on `$(touch pwned.txt)` in the file browser.\n5. From the top menu bar, click \"Git \u003e Open Git Repository in Terminal\".\n6. Verify that `pwned.txt` is created under `test/`. This demonstrates the command injection issue described here.\n\n## Proof-of-concept mitigation\n\nThe issue can be mitigated by the patch shown below.\n\n\u003cdetails\u003e\u003csummary\u003ePatch (click to expand)\u003c/summary\u003e\n\n```diff\ndiff --git a/src/commandsAndMenu.tsx b/src/commandsAndMenu.tsx\nindex 3779a6c..71ddcea 100644\n--- a/src/commandsAndMenu.tsx\n+++ b/src/commandsAndMenu.tsx\n@@ -164,31 +164,13 @@ export function addCommands(\n     label: trans.__(\u0027Open Git Repository in Terminal\u0027),\n     caption: trans.__(\u0027Open a New Terminal to the Git Repository\u0027),\n     execute: async args =\u003e {\n-      const main = (await commands.execute(\n-        \u0027terminal:create-new\u0027,\n-        args\n-      )) as MainAreaWidget\u003cITerminal.ITerminal\u003e;\n+      const cwd = gitModel.pathRepository;\n+      const main = (await commands.execute(\u0027terminal:create-new\u0027, {\n+        ...args,\n+        cwd\n+      })) as MainAreaWidget\u003cITerminal.ITerminal\u003e;\n \n-      try {\n-        if (gitModel.pathRepository !== null) {\n-          const terminal = main.content;\n-          terminal.session.send({\n-            type: \u0027stdin\u0027,\n-            content: [\n-              `cd \"${gitModel.pathRepository\n-                .split(\u0027\"\u0027)\n-                .join(\u0027\\\\\"\u0027)\n-                .split(\u0027`\u0027)\n-                .join(\u0027\\\\`\u0027)}\"\\n`\n-            ]\n-          });\n-        }\n-\n-        return main;\n-      } catch (e) {\n-        console.error(e);\n-        main.dispose();\n-      }\n+      return main;\n```\n\u003c/details\u003e\n\nThis patch removes the `cd \u003cgit-repo-path\u003e` shell command that causes the issue. To preserve the existing behavior, the `cwd` argument is set to `\u003cgit-repo-path\u003e` when a terminal session is created via the `terminal:create-new` JupyterLab command. This preserves the existing application behavior while mitigating the command injection issue.\n\nWe have verified that this patch works when applied to a local installation of `jupyterlab-git`. We have also verified that the `cwd` argument is available in all versions of JupyterLab 4, so this patch should be fully backwards-compatible.\n\n## Workarounds\n\nWe recommend that users upgrade to the patched versions listed on this GHSA. However, if a user is unable to upgrade, there are 3 different ways to mitigate this vulnerability without upgrading to a patch. \n\n1. Disable terminals on `jupyter-server` level:\n    ```\n    c.ServerApp.terminals_enabled =  False\n    ```\n\n2. Disable the terminals server extension:\n    ```\n    jupyter server extension disable jupyter_server_terminals\n    ```\n\n3. Disable the lab extension:\n    ```\n    jupyter labextension disable @jupyterlab/terminal-extension\n    ```",
  "id": "GHSA-cj5w-8mjf-r5f8",
  "modified": "2025-04-04T14:05:42Z",
  "published": "2025-04-04T14:05:42Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-cj5w-8mjf-r5f8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30370"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jupyterlab/jupyterlab-git/pull/1196"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jupyterlab/jupyterlab-git/commit/b46482993f76d3a546015c6a94ebed8b77fc2376"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jupyterlab/jupyterlab-git"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jupyterlab/jupyterlab-git/blob/7eb3b06f0092223bd5494688ec264527bbeb2195/src/commandsAndMenu.tsx#L175-L184"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "jupyterlab-git has a command injection vulnerability in \"Open Git Repository in Terminal\""
}

FKIE_CVE-2025-30370

Vulnerability from fkie_nvd - Published: 2025-04-03 22:15 - Updated: 2025-04-07 14:18

Severity ?

7.4 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/jupyterlab/jupyterlab-git/blob/7eb3b06f0092223bd5494688ec264527bbeb2195/src/commandsAndMenu.tsx#L175-L184
	security-advisories@github.com	https://github.com/jupyterlab/jupyterlab-git/commit/b46482993f76d3a546015c6a94ebed8b77fc2376
	security-advisories@github.com	https://github.com/jupyterlab/jupyterlab-git/pull/1196
	security-advisories@github.com	https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-cj5w-8mjf-r5f8
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-cj5w-8mjf-r5f8

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $(\u003ccommand\u003e). These directory names are allowed in macOS and a majority of Linux distributions. If a user starts jupyter-lab in a parent directory of this inappropriately-named Git repository, opens it, and clicks \"Git \u003e Open Git Repository in Terminal\" from the menu bar, then the injected command \u003ccommand\u003e is run in the user\u0027s shell without the user\u0027s permission. This issue is occurring because when that menu entry is clicked, jupyterlab-git opens the terminal and runs cd \u003cgit-repo-path\u003e through the shell to set the current directory. Doing so runs any command substitution strings present in the directory name, which leads to the command injection issue described here. A previous patch provided an incomplete fix. This vulnerability is fixed in 0.51.1."
    },
    {
      "lang": "es",
      "value": "jupyterlab-git es una extensi\u00f3n de JupyterLab para el control de versiones mediante Git. En muchas plataformas, un tercero puede crear un repositorio Git con un nombre que incluya una cadena de sustituci\u00f3n de comandos de shell en la sintaxis $(). Estos nombres de directorio est\u00e1n permitidos en macOS y la mayor\u00eda de las distribuciones de Linux. Si un usuario inicia jupyter-lab en un directorio principal de este repositorio Git con un nombre inapropiado, lo abre y hace clic en \"Git \u0026gt; Abrir repositorio Git en la terminal\" en la barra de men\u00fa, el comando inyectado  se ejecuta en la shell del usuario sin su permiso. Este problema se produce porque, al hacer clic en esa entrada del men\u00fa, jupyterlab-git abre la terminal y ejecuta cd  en la shell para establecer el directorio actual. Al hacerlo, se ejecuta cualquier cadena de sustituci\u00f3n de comandos presente en el nombre del directorio, lo que provoca el problema de inyecci\u00f3n de comandos descrito aqu\u00ed. Un parche anterior proporcion\u00f3 una soluci\u00f3n incompleta. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 0.51.1. "
    }
  ],
  "id": "CVE-2025-30370",
  "lastModified": "2025-04-07T14:18:34.453",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 6.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-04-03T22:15:21.190",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/jupyterlab/jupyterlab-git/blob/7eb3b06f0092223bd5494688ec264527bbeb2195/src/commandsAndMenu.tsx#L175-L184"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/jupyterlab/jupyterlab-git/commit/b46482993f76d3a546015c6a94ebed8b77fc2376"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/jupyterlab/jupyterlab-git/pull/1196"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-cj5w-8mjf-r5f8"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://github.com/jupyterlab/jupyterlab-git/security/advisories/GHSA-cj5w-8mjf-r5f8"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-30370 (GCVE-0-2025-30370)

GHSA-CJ5W-8MJF-R5F8

Overview

Scope of Impact

Proof-of-concept

Proof-of-concept mitigation

Workarounds

FKIE_CVE-2025-30370

Tags

Sightings

Nomenclature