2 matches found
Cross-site Scripting (XSS)
Overview @jupyterlab/markdownviewer-extension is a JupyterLab - Markdown Renderer Extension Affected versions of this package are vulnerable to Cross-site Scripting XSS via the handling of data-commandlinker-command and data-commandlinker-args attributes in HTML content. An attacker can execute...
CVE-2025-59842
CVE-2025-59842 affects jupyterlab; prior to 4.4.8, links generated from LaTeX renderers in Markdown cells could lack noopener, enabling potential reverse-tabnabbing with target=_blank. The issue was patched in jupyterlab 4.4.8. Fedora and other advisories indicate the fixes are provided in jupyte...