From 9c03361cb062a9ad879a589ec42dd350fd9a5921 Mon Sep 17 00:00:00 2001
From: Robert Dick <robert@doyensec.com>
Date: Thu, 7 May 2026 11:04:19 -0400
Subject: [PATCH 1/2] unified docker compose for jupyter exposedui

---
 jupyter/exposedui/README.md          |  8 ++++++++
 jupyter/exposedui/docker-compose.yml | 25 +++++++++++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 jupyter/exposedui/docker-compose.yml

diff --git a/jupyter/exposedui/README.md b/jupyter/exposedui/README.md
index a04354d8..cf5f49af 100644
--- a/jupyter/exposedui/README.md
+++ b/jupyter/exposedui/README.md
@@ -6,3 +6,11 @@ application. The service listens on port `80`.
 This configs deploys the following services:
 
 -   `jupyter`: the Jupyter Notebook application.
+
+
+## Docker Compose
+```
+docker compose up
+```
+
+The vulnerable instance will run on port `8081` and the safe instance will run on port `8082`.
\ No newline at end of file
diff --git a/jupyter/exposedui/docker-compose.yml b/jupyter/exposedui/docker-compose.yml
new file mode 100644
index 00000000..a7e526fe
--- /dev/null
+++ b/jupyter/exposedui/docker-compose.yml
@@ -0,0 +1,25 @@
+version: "3.9"
+
+services:
+  jupyter-vuln:
+    image: jupyter/base-notebook:latest
+    container_name: jupyter-vuln
+    ports:
+      - "8081:8888"
+    command: >
+      start-notebook.sh
+      --NotebookApp.token=''
+      --NotebookApp.allow_origin='*'
+      --NotebookApp.ip='0.0.0.0'
+      --NotebookApp.open_browser=False
+  jupyter-safe:
+    image: jupyter/base-notebook:latest
+    container_name: jupyter-safe
+    ports:
+      - "8082:8888"
+    command: >
+      start-notebook.sh
+      --NotebookApp.token='tsunami-not-a-secure-token'
+      --NotebookApp.allow_origin='*'
+      --NotebookApp.ip='0.0.0.0'
+      --NotebookApp.open_browser=False
\ No newline at end of file

From c8c72bbd068167258ed6225265aba08a0bebd473 Mon Sep 17 00:00:00 2001
From: Robert Dick <robert@doyensec.com>
Date: Wed, 3 Jun 2026 09:08:26 -0400
Subject: [PATCH 2/2] pinned version

---
 jupyter/exposedui/docker-compose.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/jupyter/exposedui/docker-compose.yml b/jupyter/exposedui/docker-compose.yml
index a7e526fe..154dc086 100644
--- a/jupyter/exposedui/docker-compose.yml
+++ b/jupyter/exposedui/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3.9"
 
 services:
   jupyter-vuln:
-    image: jupyter/base-notebook:latest
+    image: jupyter/base-notebook@sha256:8c903974902b0e9d45d9823c2234411de0614c5c98c4bb782b3d4f55b3e435e6
     container_name: jupyter-vuln
     ports:
       - "8081:8888"
@@ -13,7 +13,7 @@ services:
       --NotebookApp.ip='0.0.0.0'
       --NotebookApp.open_browser=False
   jupyter-safe:
-    image: jupyter/base-notebook:latest
+    image: jupyter/base-notebook@sha256:8c903974902b0e9d45d9823c2234411de0614c5c98c4bb782b3d4f55b3e435e6
     container_name: jupyter-safe
     ports:
       - "8082:8888"
@@ -22,4 +22,4 @@ services:
       --NotebookApp.token='tsunami-not-a-secure-token'
       --NotebookApp.allow_origin='*'
       --NotebookApp.ip='0.0.0.0'
-      --NotebookApp.open_browser=False
\ No newline at end of file
+      --NotebookApp.open_browser=False