Due to unsanitized input, visiting a maliciously crafted link could result in arbitrary code execution in the user's environment.
Patched version: 0.10.2
Workarounds: None, other than upgrading to 0.10.2 or downgrading to 0.8.x.
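To apply the remediation above across many environments, the following added example (not code from the nbgitpuller project) audits requirements-file lines for nbgitpuller pins. The affected range it uses (after 0.8.x, before 0.10.2) is an assumption inferred from the remediation text, and the sample file is constructed.

```python
import re

# Inferred from the advisory's remediation text (fixed in 0.10.2, downgrade
# target 0.8.x); the exact affected range is an assumption, not a quoted fact.
FIXED = (0, 10, 2)
UNAFFECTED_SERIES = (0, 8)

# Matches the package name exactly, with an optional "==" pin.
REQ = re.compile(r"^nbgitpuller(?![\w.-])\s*(?:==\s*([0-9][\w.]*))?", re.I)

def parse_version(text):
    """'0.10.1' -> (0, 10, 1); None for anything that is not dotted digits."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    nums = [int(p) for p in text.split(".")][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def classify(version):
    v = parse_version(version)
    if v is None:
        return "unknown"
    if v >= FIXED:
        return "patched"
    if v[:2] == UNAFFECTED_SERIES:
        return "unaffected"
    if v[:2] < UNAFFECTED_SERIES:
        return "unknown"  # the advisory says nothing about pre-0.8 releases
    return "affected"

def audit(lines):
    """Return (line_number, requirement, status) for every nbgitpuller entry."""
    findings = []
    for number, raw in enumerate(lines, 1):
        spec = raw.split("#", 1)[0].strip()
        m = REQ.match(spec)
        if m:
            status = classify(m.group(1)) if m.group(1) else "unpinned"
            findings.append((number, spec, status))
    return findings

# Constructed requirements file, for illustration only.
SAMPLE = ["# hub image", "jupyterhub==1.4.2", "nbgitpuller==0.10.1",
          "nbgitpuller==0.10.2", "nbgitpuller==0.8.2  # downgrade option",
          "nbgitpuller>=0.9", "nbgitpuller-extras==0.1"]

if __name__ == "__main__":
    for number, spec, status in audit(SAMPLE):
        print(f"line {number}: {spec:<24} {status}")
```

An "unpinned" or "unknown" result means the file alone cannot settle the question, so check the version actually installed in that environment.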
If you have any questions or comments about this advisory:
github.com/jupyterhub/nbgitpuller
github.com/jupyterhub/nbgitpuller/blob/main/CHANGELOG.md#0102---2021-08-25
github.com/jupyterhub/nbgitpuller/commit/07690644f29a566011dd0d7ba14cae3eb0490481
github.com/jupyterhub/nbgitpuller/security/advisories/GHSA-mq5p-2mcr-m52j
nvd.nist.gov/vuln/detail/CVE-2021-39160