IA Squad
python · jupyter_enterprise_gateway · Critical

Jupyter Enterprise Gateway YAML Injection via Untrusted Environment Variables

09 Jun 2026 · Read 1 min · Severity: act now

What changed

Jupyter Enterprise Gateway is vulnerable to YAML injection via untrusted environment variables (e.g., KERNEL_XXX) that are interpolated into Kubernetes manifests without proper escaping. Attackers can overwrite existing keys like securityContext and inject multi-document YAML to create arbitrary Kubernetes resources, including privileged pods.

Who it affects

All deployments of Jupyter Enterprise Gateway that allow users to specify kernel environment variables (e.g., KERNEL_WORKING_DIR) and use Kubernetes kernel launchers.

What to do today

Upgrade to a patched version of Jupyter Enterprise Gateway as soon as possible. If a patched version is not yet available, restrict access to the kernel API endpoint and sanitize or disallow user-supplied environment variables that are interpolated into Kubernetes manifests.
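An added example (not Enterprise Gateway's own code) of the two mitigations named above: an allowlist check that refuses user-supplied KERNEL_* variables carrying YAML-significant characters, and quoting of any value that does reach a manifest template so that a newline or `---` inside it stays part of one scalar rather than starting a new key or document. The template, placeholder syntax, policy constants and function names are assumptions for illustration.

```python
"""Defensive handling of untrusted kernel env vars before they reach a
Kubernetes manifest. Example code; names, template and policy are assumptions,
not Jupyter Enterprise Gateway's own implementation."""
import json
import re
import string

# Assumed policy: only KERNEL_* names, bounded length, and a conservative value
# charset with no newlines, quotes, '#' or braces. Values that fail are rejected
# outright rather than "cleaned", so nothing YAML-significant reaches a template.
ENV_NAME_RE = re.compile(r"^KERNEL_[A-Z0-9_]{1,64}$")
SAFE_VALUE_CHARS = frozenset(string.ascii_letters + string.digits + "-_./:@=+,")
MAX_VALUE_LEN = 256


def validate_kernel_env(env):
    """Return a copy of env holding only entries that pass the allowlist.

    Raises ValueError naming the first offending entry so the kernel-start
    request can be refused instead of rendering a manifest from it.
    """
    accepted = {}
    for name, value in env.items():
        if not isinstance(name, str) or not ENV_NAME_RE.match(name):
            raise ValueError(f"rejected env name: {name!r}")
        if not isinstance(value, str) or not value:
            raise ValueError(f"rejected value for {name}: must be a non-empty string")
        if len(value) > MAX_VALUE_LEN or any(c not in SAFE_VALUE_CHARS for c in value):
            raise ValueError(f"rejected value for {name}: disallowed characters")
        accepted[name] = value
    return accepted


def quote_for_yaml(value):
    """Render value as a YAML double-quoted scalar.

    A JSON string literal is a valid YAML 1.2 double-quoted scalar (\\n, \\",
    \\\\ and \\uXXXX escapes), so newlines, '---' and 'key: value' text inside
    it remain literal characters of one scalar. Defence in depth behind
    validate_kernel_env for values the gateway itself supplies.
    """
    return json.dumps(value, ensure_ascii=True)


# Constructed template standing in for a kernel-pod manifest. Placeholders use
# an assumed ${NAME} syntax.
POD_TEMPLATE = """apiVersion: v1
kind: Pod
metadata:
  name: ${KERNEL_ID}
spec:
  securityContext:
    runAsNonRoot: true
  containers:
  - name: kernel
    image: ${IMAGE}
    workingDir: ${KERNEL_WORKING_DIR}
"""

_PLACEHOLDER = re.compile(r"\$\{([A-Z0-9_]+)\}")


def render_manifest(values, template=POD_TEMPLATE):
    """Substitute every placeholder with a quoted scalar; unknown names are an error."""
    def repl(match):
        key = match.group(1)
        if key not in values:
            raise KeyError(f"no value for placeholder {key}")
        return quote_for_yaml(values[key])
    return _PLACEHOLDER.sub(repl, template)


def document_markers(text):
    """Count lines that open a YAML document ('---' at line start).

    Post-render check: the kernel pod template contains none, so any marker in
    the output means a value escaped its scalar and the manifest must not be applied.
    """
    return sum(1 for line in text.splitlines() if line.startswith("---"))


if __name__ == "__main__":
    # Constructed request: a value that would be multi-line if pasted raw.
    hostile = {"KERNEL_WORKING_DIR": "/work\n---\nextra: value"}
    try:
        validate_kernel_env(hostile)
    except ValueError as err:
        print("validator:", err)
    # Even if such a value bypassed validation, quoting keeps it on one line.
    out = render_manifest({"KERNEL_ID": "kernel-abc123",
                           "IMAGE": "jupyter/scipy-notebook:latest",
                           **hostile})
    print(out, "document markers:", document_markers(out))
```

The two layers are deliberately independent: the validator is the control that should fire for user input, and the quoting covers values the template receives from elsewhere; a single `document_markers` check after rendering makes a failure of both visible before anything is sent to the API server.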
