2 matches found
@datalayer/jupyter-react (=0.9.5) potentially affected by CVE-2026-42557 via @jupyterlab/markdownviewer-extension (=4.1.0-beta.0)
@jupyterlab/markdownviewer-extension NPM version =4.1.0-beta.0 is affected by a known vulnerability. The following packages have a transitive dependency on @jupyterlab/markdownviewer-extension and may be impacted: - @datalayer/jupyter-react =0.9.5 Source cves: CVE-2026-42557 Source advisory:...
GHSA-9Q39-RMJ3-P4R2 HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering
Impact The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user...