Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:28 p.m.8 views

CVE-2018-21030

Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document...

5.3CVSS5.9AI score0.01443EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2022/09/12 12:0 a.m.27 views

Mageia: Security Advisory (MGASA-2022-0323)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7AI score0.05664EPSS
Exploits2References8
Ubuntu
Ubuntu
added 2022/08/30 9:26 a.m.52 views

USN-5585-1: Jupyter Notebook vulnerabilities

It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack of Content Security Policy in Nbconvert to perform cross-site scripting XSS attacks on the notebook server. This issue only affected Ubuntu 18.04 LTS. CVE-2018-19351 It...

7.5CVSS6.1AI score0.01741EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2022/08/30 12:0 a.m.75 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Jupyter Notebook vulnerabilities (USN-5585-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5585-1 advisory. It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack ...

7.5CVSS6.1AI score0.01741EPSS
Exploits1References9
Debian
Debian
added 2020/11/19 4:53 a.m.70 views

[SECURITY] [DLA 2432-1] jupyter-notebook security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2432-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA November 19, 2020 https://wiki.debian.org/LTS -...

7.8CVSS7.3AI score0.01511EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/11/19 12:0 a.m.29 views

Debian DLA-2432-1 : jupyter-notebook security update

Several vulnerabilities have been discovered in jupyter-notebook. CVE-2018-8768 A maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous. CVE-2018-19351 allows...

7.8CVSS6.4AI score0.01511EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2019/11/08 5:7 p.m.2 views

hugo-jupyter (>=0.2.1 <=0.3.0), ipynb-path (>=0.1.2 <=0.1.3) +3 more potentially affected by CVE-2018-21030 via notebook (>=4.2.3 <=5.4.1)

notebook PYPI version =4.2.3, =0.2.1, =0.1.2, =0.5.0, =1.0.0, =0.1.0, =0.2.0.dev1 Source cves: CVE-2018-21030 Source advisory: OSV:GHSA-JQWC-JM56-WCWJ...

5.3CVSS6.5AI score0.01443EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2019/10/31 3:15 p.m.2 views

hugo-jupyter (>=0.2.1 <=0.3.0), ipynb-path (>=0.1.2 <=0.1.3) +3 more potentially affected by CVE-2018-21030 via notebook (>=4.2.3 <=5.4.1)

notebook PYPI version =4.2.3, =0.2.1, =0.1.2, =0.5.0, =1.0.0, =0.1.0, =0.2.0.dev1 Source cves: CVE-2018-21030 Source advisory: OSV:PYSEC-2019-157...

5.3CVSS6.5AI score0.01443EPSS
Exploits0
OSV
OSV
added 2019/10/31 3:15 p.m.2 views

UBUNTU-CVE-2018-21030

Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document...

5.3CVSS6.6AI score0.01443EPSS
Exploits0References5
Cvelist
Cvelist
added 2019/10/31 2:52 p.m.28 views

CVE-2018-21030

Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document...

5.8AI score0.01443EPSS
Exploits0References3
CVE
CVE
added 2019/10/31 2:52 p.m.103 views

CVE-2018-21030

CVE-2018-21030 affects Jupyter Notebook prior to 5.5.0. The issue is that a lack of a Content Security Policy (CSP) header allows cross-origin risks, enabling XSS via SVG documents embedded in served files. The vulnerability is fixed in Jupyter Notebook 5.5.0; upgrade to 5.5.0 or newer to mitigat...

5.3CVSS5.1AI score0.01443EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder