CVE-2022-21697: 
Python vulnerability analysis and mitigation

Jupyter Server Proxy (versions prior to 3.2.1) was found to be vulnerable to Server-Side Request Forgery (SSRF). The vulnerability affects any user deploying Jupyter Server or Notebook with jupyter-proxy-server extension enabled. The issue was discovered and disclosed in January 2022, and was assigned CVE-2022-21697 (NVD, GitHub Advisory).

The vulnerability stems from a lack of input validation that allows authenticated clients to proxy requests to other hosts, bypassing the allowed_hosts check. The CVSS v3.1 base score is 6.3 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N, indicating network attack vector, low attack complexity, low privileges required, and user interaction required (GitHub Advisory).

The vulnerability could allow authenticated users to make proxy requests to unauthorized hosts. However, since authentication is required and authenticated users already have permissions to make similar requests via kernel or terminal execution, the impact is considered low to moderate (GitHub Advisory).

Users should upgrade to version 3.2.1 or later to receive the patch. Alternatively, users can manually apply the patch available at the GitHub repository. The fix was released in version 3.2.1 on January 24, 2022 (GitHub Advisory).