Jupyter Notebook Access Restriction Bypass Vulnerability
Jupyter Notebook is a suite of open source web applications for creating and sharing code and illustrative text documents. An access restriction bypass vulnerability exists in Jupyter Notebook, which can be exploited by an attacker to bypass access restrictions and obtain sensitive information...
Jupyter notebook -- cross-site inclusion (XSSI) vulnerability
Jupyter notebook Changelog: 5.7.6 contains a security fix for a cross-site inclusion (XSSI) vulnerability, where files at a known URL could be included in a page from an unauthorized website if the user is logged into a Jupyter server. The fix involves setting the X-Content-Type-Options: nosniff...
Fedora 28 : python-notebook (2018-1fdcb294e3)
Security fix for CVE-2018-8768. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 29 : python-notebook (2018-b792d607fd)
Update to 5.7.2, fix CVE-2018-19351, CVE-2018-19352. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora Update for python-notebook FEDORA-2018-b9581d9624
The remote host is missing an update for the...
[SECURITY] Fedora 28 Update: python-notebook-5.5.0-6.fc28
The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...
[ASA-201812-1] jupyter-notebook: cross-site scripting
Arch Linux Security Advisory ASA-201812-1. Severity: Medium; Date: 2018-12-06; CVE-ID: CVE-2018-19351, CVE-2018-19352; Package: jupyter-notebook; Type: cross-site scripting; Remote: No; Link: https://security.archlinux.org/AVG-820. Summary: The packag...
[SECURITY] Fedora 29 Update: python-notebook-5.7.2-1.fc29
The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...
Security Bulletin: IBM i2 Analyst's Notebook. CVE-2018-1527
Summary: IBM i2 Analyst's Notebook version 9.0.8 addresses the XML Entity Injection vulnerability detailed in CVE-2018-1527. Vulnerability Details: When using any of the import features on IBM i2 Analyst's Notebook (Cellebrite, XRY, and Notebook Exchange) from the Import menu, it is possible to import...
arpes (>=1.0.0 <=2.2.0), convert-and-download (>=0.1.3 <=0.2.4) +20 more potentially affected by CVE-2018-19352 via notebook (>=4.2.3 <=5.7.16)
notebook PYPI version =4.2.3, =1.0.0, =0.1.3, =1.0.0b1, =0.0.2, =1.31.7.dev0, =0.1.1.10, =0.2.1, =0.1.6.2, =0.1.2, =0.1.0, =0.5.0, =1.0.1, =0.1.1, =1.0.1 - marvin-python-toolbox =0.0.4 and more Source cves: CVE-2018-19352 Source advisory: OSV:GHSA-3P4Q-X8F3-P7VQ...
Jupyter Notebook XSS via directory name
Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely...
GHSA-3P4Q-X8F3-P7VQ Jupyter Notebook XSS via directory name
Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely...
fairing (>=0.0.2 <=0.0.3), hugo-jupyter (>=0.2.1 <=0.3.0) +6 more potentially affected by CVE-2018-19351 via notebook (>=4.2.3 <=5.7.0)
notebook PYPI version =4.2.3, =0.0.2, =0.2.1, =0.1.2, =0.5.0, =1.0.0, =0.1.0, =0.2.0.dev1 Source cves: CVE-2018-19351 Source advisory: OSV:GHSA-49QR-XH3W-H436...
Jupyter Notebook XSS via untrusted notebooks
Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py,...
GHSA-49QR-XH3W-H436 Jupyter Notebook XSS via untrusted notebooks
Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py,...
Cross-site Scripting (XSS)
Jupyter notebook is vulnerable to cross-site scripting attacks. The vulnerability exists due to the lack of a Content Security Policy (CSP) value in the HTTP headers, allowing untrusted content from different domains to be loaded and potentially leading to XSS attacks...
Jupyter Notebook Cross-Site Scripting Vulnerability (CNVD-2019-09602)
Jupyter Notebook is an open source web application that creates and shares documents containing live code, equations, visualizations, and narrative text. A cross-site scripting vulnerability exists in Jupyter Notebook versions prior to 5.7.1, which stems from a failure to set the content security...
Jupyter Notebook Cross-Site Scripting Vulnerability (CNVD-2019-09601)
Jupyter Notebook is an open source web application that creates and shares documents containing live code, equations, visualizations, and narrative text. A cross-site scripting vulnerability exists in Jupyter Notebook versions prior to 5.7.2, which stems from a failure to securely handle URLs in...
CVE-2018-19351
Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py,...
CVE-2018-19352
Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely...