138 matches found
BIT-JUPYTER-NOTEBOOK-2026-42557 jupyterlab: Command linker attributes in HTML enable one-click command execution from untrusted content
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...
CVE-2026-42557
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...
DEBIAN-CVE-2026-42557
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...
CVE-2026-42266
JupyterLab prior to 4.5.7 is affected: from 4.0.0 to 4.5.6 the allow-list for PyPI Extension Manager extensions could be bypassed, as allowed_extensions_uris was not properly enforced and not confined to the default PyPI index. This could allow an authenticated attacker to install unapproved/mali...
CVE-2026-42557
CVE-2026-42557 affects JupyterLab prior to 4.5.7. The HTML sanitizer allowedlist for button elements included data-commandlinker-command and data-commandlinker-args, while CommandLinker listens for all click events on document.body and may execute the named command without validating the source U...
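The mechanism these entries describe, modelled as an added example (not JupyterLab's own code): an HTML sanitizer whose <button> allowlist keeps data-commandlinker-command and data-commandlinker-args, and a CommandLinker-style delegated click handler on the root that executes whatever command the clicked element names. The element model, the command id `example:open`, the constructed untrusted markup and the hardened allowlist are this example's assumptions; the hardened list simply drops the two attributes from untrusted HTML and is not claimed to be the project's actual 4.5.7 fix.

```javascript
'use strict';
// Added example modelling the CVE-2026-42557 mechanism. This is not JupyterLab
// code: the element tree, the sanitizer and the click dispatch are stand-ins
// so the behaviour can be exercised under Node without a DOM.

// Minimal element model: { tag, attrs, children, parent }.
function el(tag, attrs = {}, children = []) {
  const node = { tag, attrs: { ...attrs }, children, parent: null };
  for (const child of children) child.parent = node;
  return node;
}

// Attribute allowlists for <button>. The vulnerable one keeps the two
// command-linker attributes, as the advisory describes; the hardened one is
// this example's mitigation (assumption: drop them from untrusted HTML).
const VULNERABLE_BUTTON_ATTRS = new Set(['class', 'data-commandlinker-command', 'data-commandlinker-args']);
const HARDENED_BUTTON_ATTRS = new Set(['class']);

// Sanitizer: copy the tree, keeping only allowlisted attributes. Non-button
// elements keep 'class' only.
function sanitize(node, buttonAttrs) {
  const allowed = node.tag === 'button' ? buttonAttrs : new Set(['class']);
  const attrs = {};
  for (const [name, value] of Object.entries(node.attrs)) {
    if (allowed.has(name)) attrs[name] = value;
  }
  return el(node.tag, attrs, node.children.map((c) => sanitize(c, buttonAttrs)));
}

// Command registry stand-in. 'example:open' is a hypothetical command id.
function makeRegistry(log) {
  return new Map([
    ['example:open', (args) => { log.push(`example:open ${JSON.stringify(args)}`); }],
  ]);
}

// CommandLinker-style handler: a single listener on the root walks up from the
// click target and executes the first command it finds. Nothing checks whether
// the element came from trusted UI or from rendered untrusted HTML.
function dispatchClick(target, registry) {
  for (let node = target; node; node = node.parent) {
    const command = node.attrs['data-commandlinker-command'];
    if (command === undefined) continue;
    let args = {};
    try {
      args = JSON.parse(node.attrs['data-commandlinker-args'] || '{}');
    } catch (e) {
      args = {};
    }
    const run = registry.get(command);
    if (!run) return false;
    run(args);
    return true;
  }
  return false;
}

// Render constructed untrusted HTML through the sanitizer into <body>, then
// simulate the user clicking the button it contained.
function simulate(buttonAttrs) {
  const log = [];
  const registry = makeRegistry(log);
  const untrusted = el('div', { class: 'rendered-html' }, [
    el('button', {
      class: 'looks-harmless',
      'data-commandlinker-command': 'example:open',
      'data-commandlinker-args': '{"target":"attacker-chosen"}',
    }, []),
  ]);
  const body = el('body', {}, [sanitize(untrusted, buttonAttrs)]);
  const button = body.children[0].children[0];
  const fired = dispatchClick(button, registry);
  return { fired, log, buttonAttrs: Object.keys(button.attrs) };
}

console.log('vulnerable allowlist:', simulate(VULNERABLE_BUTTON_ATTRS));
console.log('hardened allowlist:  ', simulate(HARDENED_BUTTON_ATTRS));
```

With the vulnerable allowlist the click fires `example:open` with attacker-chosen arguments; with the hardened allowlist the sanitized button carries only `class` and the click is inert. Stripping the attributes at the sanitizer is one layer; a linker that additionally refuses to honour elements inside a rendered-untrusted-HTML container would be an independent second check, since a delegated listener on the root otherwise cannot tell trusted UI from rendered output.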
CVE-2026-42557 jupyterlab: Command linker attributes in HTML enable one-click command execution from untrusted content
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...
Jupyterlab Python Library < 4.5.7 (CVE-2026-42557)
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. The version of JupyterLab installed on the remote host is prior to 4.5.7. It is, therefore, affected by a vulnerability: - JupyterLab's command linker attributes in HTML...
@datalayer/jupyter-react (>=0.0.6 <=0.9.5), @fails-components/jupyter-applet-view (>=0.0.1-alpha.3 <=0.0.4) +21 more potentially affected by CVE-2026-42557 via @jupyterlab/apputils (>=4.0.0-alpha.11 <=4.5.10)
@jupyterlab/apputils NPM version =4.0.0-alpha.11, =0.0.6, =0.0.1-alpha.3, =0.0.1-alpha.3, =0.0.1-alpha.3, =0.0.1-alpha.3, =7.1.0, =7.1.0, =7.1.0, =7.1.0, =7.1.0, =7.1.0, =0.2.0, =0.6.0, =0.6.0, =0.6.0-alpha.3, =0.6.0-alpha.9 and more Source cves: CVE-2026-42557 Source advisory:...
Cross-site Scripting (XSS)
Overview @jupyterlab/rendermime-extension is a rendermime extension for JupyterLab. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the handling of data-commandlinker-command and data-commandlinker-args attributes in HTML content. An attacker can execute arbitra...
CVE-2026-40171
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...
a-mailx (=0.1.0), a2 (>=0.1.0 <=0.3.17) +264 more potentially affected by CVE-2026-42266 via jupyterlab (>=4.0.0 <=4.5.6)
jupyterlab PYPI version =4.0.0, =0.1.0, =0.1.0b0, =0.1.0b0, =0.1.0b0, =0.1.0, =0.5.5, =2.0.0, =0.1.1, =4.33.0, =0.6.4, =0.8.0, =1.0.1, =0.1.0, =0.5.0 and more Source cves: CVE-2026-42266 Source advisory: SNYK:PYTHON-JUPYTERLAB-16425771...
a-mailx (=0.1.0), a2 (>=0.1.0 <=0.3.17) +264 more potentially affected by CVE-2026-40171 via jupyterlab (>=4.0.0 <=4.5.6)
jupyterlab PYPI version =4.0.0, =0.1.0, =0.1.0b0, =0.1.0b0, =0.1.0b0, =0.1.0, =0.5.5, =2.0.0, =0.1.1, =4.33.0, =0.6.4, =0.8.0, =1.0.1, =0.1.0, =0.5.0 and more Source cves: CVE-2026-40171 Source advisory: SNYK:PYTHON-JUPYTERLAB-16347194...
Fedora: Security Advisory (FEDORA-2025-5ce0931fe3)
The remote host is missing an update for the ... (Greenbone AG check, 2025; descriptions may be excerpted from referenced sources and remain copyright of their respective right holders.)
Fedora: Security Advisory (FEDORA-2025-7472c8fb5c)
The remote host is missing an update for the ... (Greenbone AG check, 2025; descriptions may be excerpted from referenced sources and remain copyright of their respective right holders.)
Fedora: Security Advisory (FEDORA-2025-547bc6efdc)
The remote host is missing an update for the ... (Greenbone AG check, 2025; descriptions may be excerpted from referenced sources and remain copyright of their respective right holders.)
Fedora: Security Advisory (FEDORA-2025-136667dc88)
The remote host is missing an update for the ... (Greenbone AG check, 2025; descriptions may be excerpted from referenced sources and remain copyright of their respective right holders.)