GitHub Advisory DatabaseGHSA-4VWQ-X64Q-J4CJImproper Neutralization of Input During Web Page Generation in Jupyter Notebook
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
57.7%
Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site request forgery (CSRF) vulnerability, but this may be inaccurate.
Affected configurations
References
lists.fedoraproject.org/pipermail/package-announce/2015-September/166460.html
lists.fedoraproject.org/pipermail/package-announce/2015-September/166471.html
lists.fedoraproject.org/pipermail/package-announce/2015-September/167670.html
lists.opensuse.org/opensuse-updates/2015-10/msg00016.html
seclists.org/oss-sec/2015/q3/474
seclists.org/oss-sec/2015/q3/544
bugzilla.redhat.com/show_bug.cgi?id=1259405
github.com/advisories/GHSA-4vwq-x64q-j4cj
github.com/ipython/ipython/commit/3ab41641cf6fce3860c73d5cf4645aa12e1e5892
github.com/jupyter/notebook/commit/35f32dd2da804d108a3a3585b69ec3295b2677ed
github.com/jupyter/notebook/commit/dd9876381f0ef09873d8c5f6f2063269172331e3
github.com/pypa/advisory-database/tree/main/vulns/ipython/PYSEC-2015-24.yaml
nvd.nist.gov/vuln/detail/CVE-2015-6938
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
57.7%