Lucene search
+L

12 matches found

ossf
ossf
added 6 days ago11 views

Malicious code in google-caja-bower (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e34339f1be6afb8a41b6dbe2f7d7c480d5a438a67ff119b235d1d98ffa2b2e4a [email protected] declares scripts.preinstall = 'node index.js', so index.js runs automatically on npm install. index.js walks the...

6.1AI score
Exploits0References8
susecve
susecve
added 2024/07/10 4:19 a.m.4 views

SUSE CVE-2021-32798

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...

9.6CVSS9.1AI score0.02106EPSS
Exploits1References4
osv
osv
added 2024/03/06 10:54 a.m.23 views

BIT-JUPYTER-NOTEBOOK-2021-32798 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in notebook

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...

10CVSS9.3AI score0.02106EPSS
Exploits1References3
osv
osv
added 2024/03/06 10:54 a.m.21 views

BIT-JUPYTER-BASE-NOTEBOOK-2021-32798 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in notebook

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...

10CVSS9.3AI score0.02106EPSS
Exploits1References3
nvd
nvd
added 2021/08/09 9:15 p.m.19 views

CVE-2021-32798

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...

10CVSS0.02106EPSS
Exploits1References2
osv
osv
added 2021/08/09 9:15 p.m.24 views

CVE-2021-32798

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...

9.6CVSS9.2AI score
Exploits0References2
ubuntucve
ubuntucve
added 2021/08/09 9:15 p.m.54 views

CVE-2021-32798

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...

10CVSS7.5AI score0.02106EPSS
Exploits1References3
prion
prion
added 2021/08/09 9:15 p.m.16 views

Design/Logic Flaw

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...

6.8CVSS9AI score0.02106EPSS
Exploits1References2Affected Software1
debiancve
debiancve
added 2021/08/09 8:50 p.m.24 views

CVE-2021-32798

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...

10CVSS9.5AI score0.02106EPSS
Exploits1
cvelist
cvelist
added 2021/08/09 8:50 p.m.38 views

CVE-2021-32798 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in notebook

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...

10CVSS9.6AI score0.02106EPSS
Exploits1References2
cnnvd
cnnvd
added 2021/08/09 12:0 a.m.7 views

Jupyter Notebook 跨站脚本漏洞

Jupyter Notebook is a suite of open source web applications for creating and sharing code and illustrative text documents. A security vulnerability exists in Jupyter notebook that stems from Jupyter Notebook using an unrecommended version of Google Caja to clean up user input. XSS can be triggere...

10CVSS8.7AI score0.02106EPSS
Exploits1References3
seebug
seebug
added 2013/08/27 12:0 a.m.18 views

Google Caja V8 JavaScript VM未明远程代码执行漏洞

Google Caja是一个旨在制订一个JavaScript语言的子集和最佳编程指导方针,约束JavaScript程序员编写的代码,符合一个更加安全,更加合理的JS代码 Google Caja相关冻结V8 Javascript虚拟机上陈列变异array mutations存在一个未明安全漏洞,允许攻击者利用漏洞执行任意代码 0 Google Caja r5550 厂商解决方案 用户可参考如下厂商提供的安全公告获得补丁信息: http://code.google.com/p/google-caja/wiki/SecurityAdvisory201308013...

7.1AI score
Exploits0
Rows per page
Query Builder