137 matches found
SUSE CVE-2018-19351
Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py,...
SUSE CVE-2021-32862
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Jupyter Notebook vulnerabilities (USN-5585-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5585-1 advisory. It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack ...
CVE-2021-32862
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...
DEBIAN-CVE-2021-32862
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...
CVE-2021-32862
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...
PYSEC-2022-249
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...
Cross site scripting
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...
CVE-2021-32862
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...
abracadabra (>=0.0.0 <=0.0.7), ai-economist (>=1.0.0 <=1.7.1) +161 more potentially affected by CVE-2021-32862 via nbconvert (>=4.2.0 <=6.3.0)
nbconvert PYPI version =4.2.0, =0.0.0, =1.0.0, =1.3.4, =1.0.0, =1.0.1, =1.13.0.post1, =1.0.0, =0.1.0.dev2021118, =0.0.0, =0.3.4, =0.1.0rc1, =0.0.1, =0.2.1 - combnetdep =1.0.0 and more Source cves: CVE-2021-32862 Source advisory: OSV:PYSEC-2022-249...
PYSEC-2022-249
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...
UBUNTU-CVE-2021-32862
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...
CVE-2021-32862 nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...
CVE-2021-32862
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...
nbconvert 跨站脚本漏洞
nbconvert is Project Jupyter open source a format conversion library . Jupyter .ipynb notebook document files into another static format , including HTML, LaTeX, PDF, Markdown and so on. A cross-site scripting vulnerability exists in versions prior to nbconvert 6.3. The vulnerability stems from t...
CVE-2021-32862
CVE-2021-32862 is a cross-site scripting (XSS) vulnerability in nbconvert when generating HTML from user-controlled notebooks. The GitHub Security Lab disclosed sixteen routes to inject arbitrary HTML into HTML exports (e.g., nbviewer). Connected advisories confirm nbconvert is affected and provi...
Cross Site Scripting (XSS)
Nbconvert is vulnerable to Cross Site Scripting XSS. The vulnerability is due to multiple instances where a Jupyter notebook can inject unescaped HTML into the metadata when exported as HTML. An attacker in control of a notebook can inject arbitrary Javascript that will be executed when a user...
abracadabra (>=0.0.0 <=0.0.7), ai-economist (>=1.0.0 <=1.7.1) +206 more potentially affected by CVE-2021-32862 via nbconvert (>=4.2.0 <=6.5.0)
nbconvert PYPI version =4.2.0, =0.0.0, =1.0.0, =1.3.4, =0.18.3, =1.0.0, =0.1.1, =1.0.1, =0.0.1, =1.13.0.post1, =1.0.0, =0.1.0.dev2021118, =0.0.0, =0.3.4, =0.3.8 and more Source cves: CVE-2021-32862 Source advisory: OSV:GHSA-9JMQ-RX5F-8JWQ...
nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths
Most of the fixes will be in this repo, though, so having it here gives us the private fork to work on patches Below is currently a duplicate of the original report: ---- Received on [email protected] unedited, I'm not sure if we want to make it separate advisories. Pasted raw for now, feel fr...
GHSA-9JMQ-RX5F-8JWQ nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths
Most of the fixes will be in this repo, though, so having it here gives us the private fork to work on patches Below is currently a duplicate of the original report: ---- Received on [email protected] unedited, I'm not sure if we want to make it separate advisories. Pasted raw for now, feel fr...