Gonzalo Gasca Meza

icon indicating an email [email protected]

icon company Google icon location California icon location Software Engineer @Google Working in Google Cloud Vertex

Results 21 issues of Gonzalo Gasca Meza

CORS is not checked when browsing files.

## Description When using JupyterLab + `jupyter_server` an attacker can pass a redirect using _xsrf HTTP param and cookie to bypass CORS checks (`c.ServerApp.allow_origin_pat`). Using `jupyter-server 2.14.2`. Redirect provides access...

bug