Lucene search

GoogleOSV:CVE-2023-51277

HistoryJan 05, 2024 - 5:15 a.m.

CVE-2023-51277

2024-01-0505:15:08

Google

osv.dev

nbviewer-app

jupyter notebook viewer

0.1.6

get-task-allow

entitlement

release build

software

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.9%

JSON

nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds.

CPENameOperatorVersion
nbviewer-appeq0.1.0
nbviewer-appeq0.1.2
nbviewer-appeq0.1.5
nbviewer-appeq0.1.1
nbviewer-appeq0.1.3

Name	Operator	Version
nbviewer-app	eq	0.1.0
nbviewer-app	eq	0.1.2
nbviewer-app	eq	0.1.5
nbviewer-app	eq	0.1.1
nbviewer-app	eq	0.1.3

References

developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087731

github.com/tuxu/nbviewer-app/commit/dc1e4ddf64c78e13175a39b076fa0646fc62e581

github.com/tuxu/nbviewer-app/compare/0.1.5...0.1.6

www.youtube.com/watch?v=c0nawqA_bdI

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.9%

JSON

Related for OSV:CVE-2023-51277