1259 matches found
Visual Studio Code Python Extension Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
Lk Scraper - An Fully Configurable Linkedin Scrape (Scrape Anything Within Linkedin)
Scrapes Any Linkedin Data Installation $ pip install git+git://github.com/jqueguiner/lkscraper Setup Using Docker compose $ docker-compose up -d $ docker-compose run lkscraper python3 Using Docker only for selenium server First, you need to run a selenium server $ docker run -d -p 4444:4444...
Security Bulletin: JWT Token Check Vulnerability in Watson Studio Local
Summary An error in how JWT token signature was checked has been addressed. This issue was leading to invalid Jupyter Notebook access. Vulnerability Details Third Party Entry: PSIRT-ADV0010959 DESCRIPTION: CVSS Base score: 5.9 CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected...
CVE-2019-19235
AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 for Windows 10 notebook PCs could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name...
GHSA-JQWC-JM56-WCWJ Cross-site scripting in Jupyter Notebook
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document...
hugo-jupyter (>=0.2.1 <=0.3.0), ipynb-path (>=0.1.2 <=0.1.3) +3 more potentially affected by CVE-2018-21030 via notebook (>=4.2.3 <=5.4.1)
notebook PYPI version =4.2.3, =0.2.1, =0.1.2, =0.5.0, =1.0.0, =0.1.0, =0.2.0.dev1 Source cves: CVE-2018-21030 Source advisory: OSV:GHSA-JQWC-JM56-WCWJ...
Cross-site scripting in Jupyter Notebook
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document...
CVE-2018-21030
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document...
DEBIAN-CVE-2018-21030
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document...
PYSEC-2019-157
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document...
hugo-jupyter (>=0.2.1 <=0.3.0), ipynb-path (>=0.1.2 <=0.1.3) +3 more potentially affected by CVE-2018-21030 via notebook (>=4.2.3 <=5.4.1)
notebook PYPI version =4.2.3, =0.2.1, =0.1.2, =0.5.0, =1.0.0, =0.1.0, =0.2.0.dev1 Source cves: CVE-2018-21030 Source advisory: OSV:PYSEC-2019-157...
Cross site scripting
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document...
UBUNTU-CVE-2018-21030
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document...
CVE-2018-21030
CVE-2018-21030 affects Jupyter Notebook prior to 5.5.0. The issue is that a lack of a Content Security Policy (CSP) header allows cross-origin risks, enabling XSS via SVG documents embedded in served files. The vulnerability is fixed in Jupyter Notebook 5.5.0; upgrade to 5.5.0 or newer to mitigat...
PT-2019-10457 · Project Jupyter +2 · Jupyter Notebook +2
Name of the Vulnerable Software and Affected Versions: Jupyter Notebook versions prior to 5.5.0 Description: The issue arises from the lack of a Content Security Policy (CSP) header, which is used to define what sources of content are allowed to be executed within a web page. Without this header,...