7 matches found
SUSE CVE-2018-19351
Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py,...
PYSEC-2021-130
JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn’t sanitize the action attribute of html . Using this it is possible to trigger the form...
PT-2021-6459 · Unknown +1 · Jupyter Notebook +1
Name of the Vulnerable Software and Affected Versions: Jupyter Notebook versions prior to 5.7.11 Jupyter Notebook versions prior to 6.4.1 Description: The issue is related to the incorrect filtering of special symbols in the Caja component of the Jupyter Notebook environment, allowing a remote...
Jupyter Notebook XSS via untrusted notebooks
Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py,...
GHSA-49QR-XH3W-H436 Jupyter Notebook XSS via untrusted notebooks
Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py,...
PYSEC-2018-17
Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py,...
PT-2018-14936 · Project Jupyter +2 · Jupyter Notebook +2
Name of the Vulnerable Software and Affected Versions: Jupyter Notebook versions prior to 5.7.1 Description: The issue allows for cross-site scripting XSS attacks via an untrusted notebook. This is because nbconvert responses are considered to have the same origin as the notebook server, enabling...