13 matches found
Mageia: Security Advisory (MGASA-2022-0323)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5585-1: Jupyter Notebook vulnerabilities
It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack of Content Security Policy in Nbconvert to perform cross-site scripting XSS attacks on the notebook server. This issue only affected Ubuntu 18.04 LTS. CVE-2018-19351 It...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Jupyter Notebook vulnerabilities (USN-5585-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5585-1 advisory. It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack ...
[SECURITY] [DLA 2432-1] jupyter-notebook security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2432-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA November 19, 2020 https://wiki.debian.org/LTS -...
Debian DLA-2432-1 : jupyter-notebook security update
Several vulnerabilities have been discovered in jupyter-notebook. CVE-2018-8768 A maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous. CVE-2018-19351 allows...
Fedora 28 : python-notebook (2018-b9581d9624)
Security fix for CVE-2018-19351, CVE-2018-19352 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 29 : python-notebook (2018-b792d607fd)
Update to 5.7.2, fix CVE-2018-19351, CVE-2018-19352 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora Update for python-notebook FEDORA-2018-b9581d9624
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[ASA-201812-1] jupyter-notebook: cross-site scripting
Arch Linux Security Advisory ASA-201812-1 ========================================= Severity: Medium Date : 2018-12-06 CVE-ID : CVE-2018-19351 CVE-2018-19352 Package : jupyter-notebook Type : cross-site scripting Remote : No Link : https://security.archlinux.org/AVG-820 Summary ======= The packag...
fairing (>=0.0.2 <=0.0.3), hugo-jupyter (>=0.2.1 <=0.3.0) +6 more potentially affected by CVE-2018-19351 via notebook (>=4.2.3 <=5.7.0)
notebook PYPI version =4.2.3, =0.0.2, =0.2.1, =0.1.2, =0.5.0, =1.0.0, =0.1.0, =0.2.0.dev1 Source cves: CVE-2018-19351 Source advisory: OSV:GHSA-49QR-XH3W-H436...
fairing (>=0.0.2 <=0.0.3), hugo-jupyter (>=0.2.1 <=0.3.0) +6 more potentially affected by CVE-2018-19351 via notebook (>=4.2.3 <=5.7.0)
notebook PYPI version =4.2.3, =0.0.2, =0.2.1, =0.1.2, =0.5.0, =1.0.0, =0.1.0, =0.2.0.dev1 Source cves: CVE-2018-19351 Source advisory: OSV:PYSEC-2018-17...
CVE-2018-19351
Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py,...
CVE-2018-19351
CVE-2018-19351 affects Jupyter Notebook prior to 5.7.2 due to missing Content Security Policy in nbconvert endpoints, enabling XSS via untrusted notebooks. Connected advisories confirm upstream fix in 5.7.2 (and related CSP/Open-redirect issues), with Debian/Fedora/Arch/Mageia/Ubuntu advisories r...