Lucene search

GoogleOSV:PYSEC-2015-26

HistorySep 21, 2015 - 7:59 p.m.

PYSEC-2015-26

2015-09-2119:59:00

Google

osv.dev

0.002 Low

EPSS

Percentile

57.7%

JSON

Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site request forgery (CSRF) vulnerability, but this may be inaccurate.

CPENameOperatorVersion
notebookeq4.0.1
notebookeq4.0.2
notebookeq4.0.0
notebookeq4.0.4

Name	Operator	Version
notebook	eq	4.0.1
notebook	eq	4.0.2
notebook	eq	4.0.0
notebook	eq	4.0.4

References

lists.fedoraproject.org/pipermail/package-announce/2015-September/166460.html

lists.fedoraproject.org/pipermail/package-announce/2015-September/166471.html

lists.fedoraproject.org/pipermail/package-announce/2015-September/167670.html

lists.opensuse.org/opensuse-updates/2015-10/msg00016.html

seclists.org/oss-sec/2015/q3/474

seclists.org/oss-sec/2015/q3/544

bugzilla.redhat.com/show_bug.cgi?id=1259405

github.com/ipython/ipython/commit/3ab41641cf6fce3860c73d5cf4645aa12e1e5892

github.com/jupyter/notebook/commit/35f32dd2da804d108a3a3585b69ec3295b2677ed

github.com/jupyter/notebook/commit/dd9876381f0ef09873d8c5f6f2063269172331e3

0.002 Low

EPSS

Percentile

57.7%

JSON

Related for OSV:PYSEC-2015-26