python · jupyter_enterprise_gateway · Critical
Jupyter Enterprise Gateway: Prohibited UID/GID Bypass via Whitespace
A security advisory was published.
What changed
The prohibited UID/GID feature can be bypassed by including whitespace in the KERNEL_UID or KERNEL_GID values supplied in a kernel launch request. The values are compared against EG_PROHIBITED_UIDS and EG_PROHIBITED_GIDS as raw strings before any normalisation, so a value such as " 0" (leading space) does not match the prohibited entry "0" yet is still interpreted as UID 0 when the kernel container is started, allowing kernels to run as root.
Who it affects
Organisations running Jupyter Enterprise Gateway on Kubernetes clusters (and possibly other container orchestration systems) that use EG_PROHIBITED_UIDS and EG_PROHIBITED_GIDS.
What to do today
Update Jupyter Enterprise Gateway to a patched version, or apply the fix that strips whitespace from KERNEL_UID and KERNEL_GID values before they are compared against the prohibited lists. Because this check lives in gateway application code, also enforce the same policy at the orchestrator where you can (on Kubernetes, Pod Security admission or a runAsNonRoot requirement on kernel pods), so that a kernel spec that slips past the gateway still cannot start as root.
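The bypass described under "What changed" and the trimming fix under "What to do today", modelled side by side as an added example (this is not Enterprise Gateway's own code). Assumptions, all constructed for illustration: the prohibited lists are comma-separated strings in the EG_PROHIBITED_UIDS / EG_PROHIBITED_GIDS format, KERNEL_UID / KERNEL_GID arrive as strings from the launch request, the orchestrator later interprets the value as an integer, and the function names (`is_prohibited_vulnerable`, `is_prohibited_hardened`, `validate_kernel_env`) are hypothetical.

```python
"""Added example, not Enterprise Gateway's own code: models the whitespace
bypass in a prohibited-UID/GID check and a hardened replacement.

Assumptions (constructed for illustration): prohibited lists are
comma-separated strings, KERNEL_UID / KERNEL_GID are strings from the launch
request, and the orchestrator turns the value into an integer later.
"""
import re
from typing import Iterable, Mapping

# Plain ASCII digits only: no sign, no underscores, no non-ASCII digits,
# all of which Python's int() would otherwise happily accept.
_ID_RE = re.compile(r"^[0-9]+$")


def parse_prohibited(raw: str) -> set[str]:
    """Split a comma-separated prohibited list, trimming each entry."""
    return {entry.strip() for entry in raw.split(",") if entry.strip()}


def is_prohibited_vulnerable(value: str, prohibited: Iterable[str]) -> bool:
    """Models the pre-fix check: a raw string membership test.

    ' 0' is not equal to '0', so a value with surrounding whitespace
    never matches the list.
    """
    return value in set(prohibited)


def resolve_id(value: str) -> int:
    """Models what the orchestrator ends up with: an integer.

    int() ignores surrounding whitespace, so ' 0' and '0\\n' both become 0.
    """
    return int(value)


def is_prohibited_hardened(value: str, prohibited: Iterable[str]) -> bool:
    """Trim, validate the syntax, then compare numerically; fail closed otherwise."""
    cleaned = value.strip()
    if not _ID_RE.fullmatch(cleaned):
        return True  # '', '+0', '0_0' or non-ASCII digits: reject rather than guess
    wanted = int(cleaned)
    for entry in prohibited:
        entry = entry.strip()
        if _ID_RE.fullmatch(entry) and int(entry) == wanted:
            return True
    return False


def validate_kernel_env(env: Mapping[str, str],
                        prohibited_uids: str = "0",
                        prohibited_gids: str = "0") -> None:
    """Reject a kernel launch whose KERNEL_UID / KERNEL_GID is prohibited.

    The default lists of '0' are an assumption made for this example.
    """
    checks = (("KERNEL_UID", parse_prohibited(prohibited_uids)),
              ("KERNEL_GID", parse_prohibited(prohibited_gids)))
    for name, prohibited in checks:
        value = env.get(name)
        if value is None:
            continue  # nothing supplied: nothing to check here
        if is_prohibited_hardened(value, prohibited):
            raise PermissionError(f"{name}={value!r} is prohibited")


def demo() -> dict:
    """Return the bypass and its fix side by side for a constructed probe value."""
    prohibited = parse_prohibited("0")
    probe = " 0"  # constructed attacker-supplied value with a leading space
    return {
        "vulnerable_blocks": is_prohibited_vulnerable(probe, prohibited),
        "resolves_to": resolve_id(probe),
        "hardened_blocks": is_prohibited_hardened(probe, prohibited),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the whole story in one dict: the raw string check lets `" 0"` through, the orchestrator resolves it to 0, and the hardened check blocks it. The hardened version deliberately rejects anything that is not a plain run of ASCII digits rather than trusting `int()` to normalise it, because `int()` also accepts forms such as `"+0"` and `"0_0"` that a string list would never match.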