5 matches found
JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content
JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all click events on document.body and executes the named command without checking whether the element came from trusted JupyterLab UI. A notebook with ...
EUVD-2024-0239
Malicious code in bioql PyPI...
EUVD-2024-0253
Malicious code in bioql PyPI...
Fedora 40 : jupyterlab (2024-cd98f29570)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-cd98f29570 advisory. Update to 4.3.3 rhbz2331357. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
MGASA-2023-0060 Updated python-jupyterlab packages fix security vulnerability
Remote code execution, but requires user action to open a notebook. CVE-2021-32797, and other bug fixes...