11 matches found
CVE-2018-21030
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document...
Mageia: Security Advisory (MGASA-2022-0323)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5585-1: Jupyter Notebook vulnerabilities
It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack of Content Security Policy in Nbconvert to perform cross-site scripting XSS attacks on the notebook server. This issue only affected Ubuntu 18.04 LTS. CVE-2018-19351 It...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Jupyter Notebook vulnerabilities (USN-5585-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5585-1 advisory. It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack ...
[SECURITY] [DLA 2432-1] jupyter-notebook security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2432-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA November 19, 2020 https://wiki.debian.org/LTS -...
Debian DLA-2432-1 : jupyter-notebook security update
Several vulnerabilities have been discovered in jupyter-notebook. CVE-2018-8768 A maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous. CVE-2018-19351 allows...
hugo-jupyter (>=0.2.1 <=0.3.0), ipynb-path (>=0.1.2 <=0.1.3) +3 more potentially affected by CVE-2018-21030 via notebook (>=4.2.3 <=5.4.1)
notebook PYPI version =4.2.3, =0.2.1, =0.1.2, =0.5.0, =1.0.0, =0.1.0, =0.2.0.dev1 Source cves: CVE-2018-21030 Source advisory: OSV:GHSA-JQWC-JM56-WCWJ...
hugo-jupyter (>=0.2.1 <=0.3.0), ipynb-path (>=0.1.2 <=0.1.3) +3 more potentially affected by CVE-2018-21030 via notebook (>=4.2.3 <=5.4.1)
notebook PYPI version =4.2.3, =0.2.1, =0.1.2, =0.5.0, =1.0.0, =0.1.0, =0.2.0.dev1 Source cves: CVE-2018-21030 Source advisory: OSV:PYSEC-2019-157...
UBUNTU-CVE-2018-21030
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document...
CVE-2018-21030
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document...
CVE-2018-21030
CVE-2018-21030 affects Jupyter Notebook prior to 5.5.0. The issue is that a lack of a Content Security Policy (CSP) header allows cross-origin risks, enabling XSS via SVG documents embedded in served files. The vulnerability is fixed in Jupyter Notebook 5.5.0; upgrade to 5.5.0 or newer to mitigat...