MITRE reports:
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file
can bypass sanitization to execute JavaScript in the notebook context.
Specifically, invalid HTML is ‘fixed’ by jQuery after sanitization,
making it dangerous.

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | py27-notebook | < 5.4.1 | UNKNOWN |
FreeBSD | any | noarch | py34-notebook | < 5.4.1 | UNKNOWN |
FreeBSD | any | noarch | py35-notebook | < 5.4.1 | UNKNOWN |
FreeBSD | any | noarch | py36-notebook | < 5.4.1 | UNKNOWN |