Lucene search
+L

137 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:22 a.m.3 views

SUSE CVE-2018-19351

Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py,...

6.1CVSS6.2AI score0.01511EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.3 views

SUSE CVE-2021-32862

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...

7.5CVSS6.3AI score0.01102EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2022/08/30 12:0 a.m.76 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Jupyter Notebook vulnerabilities (USN-5585-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5585-1 advisory. It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack ...

7.5CVSS6.1AI score0.01741EPSS
Exploits1References9
NVD
NVD
added 2022/08/18 7:15 p.m.20 views

CVE-2021-32862

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...

7.5CVSS0.01102EPSS
Exploits1References4
OSV
OSV
added 2022/08/18 7:15 p.m.1 views

DEBIAN-CVE-2021-32862

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...

5.4CVSS6.3AI score0.01102EPSS
Exploits1References1
OSV
OSV
added 2022/08/18 7:15 p.m.14 views

CVE-2021-32862

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...

5.4CVSS5.5AI score
Exploits0References4
PyPA
PyPA
added 2022/08/18 7:15 p.m.8 views

PYSEC-2022-249

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...

7.5CVSS8.2AI score0.01102EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/08/18 7:15 p.m.18 views

Cross site scripting

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...

4.9CVSS5.3AI score0.01102EPSS
Exploits1References3Affected Software2
UbuntuCve
UbuntuCve
added 2022/08/18 7:15 p.m.59 views

CVE-2021-32862

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...

7.5CVSS6.7AI score0.01102EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2022/08/18 7:15 p.m.5 views

abracadabra (>=0.0.0 <=0.0.7), ai-economist (>=1.0.0 <=1.7.1) +161 more potentially affected by CVE-2021-32862 via nbconvert (>=4.2.0 <=6.3.0)

nbconvert PYPI version =4.2.0, =0.0.0, =1.0.0, =1.3.4, =1.0.0, =1.0.1, =1.13.0.post1, =1.0.0, =0.1.0.dev2021118, =0.0.0, =0.3.4, =0.1.0rc1, =0.0.1, =0.2.1 - combnetdep =1.0.0 and more Source cves: CVE-2021-32862 Source advisory: OSV:PYSEC-2022-249...

7.5CVSS6.7AI score0.01102EPSS
Exploits1
OSV
OSV
added 2022/08/18 7:15 p.m.21 views

PYSEC-2022-249

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...

7.5CVSS1.3AI score0.01102EPSS
Exploits1References2
OSV
OSV
added 2022/08/18 7:15 p.m.5 views

UBUNTU-CVE-2021-32862

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...

7.5CVSS7.3AI score0.01102EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/08/18 12:0 a.m.47 views

CVE-2021-32862 nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...

7.5CVSS7.3AI score0.01102EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2022/08/18 12:0 a.m.22 views

CVE-2021-32862

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...

7.5CVSS6.5AI score0.01102EPSS
Exploits1
CNNVD
CNNVD
added 2022/08/18 12:0 a.m.6 views

nbconvert 跨站脚本漏洞

nbconvert is Project Jupyter open source a format conversion library . Jupyter .ipynb notebook document files into another static format , including HTML, LaTeX, PDF, Markdown and so on. A cross-site scripting vulnerability exists in versions prior to nbconvert 6.3. The vulnerability stems from t...

7.5CVSS6.5AI score0.01102EPSS
Exploits1References5
CVE
CVE
added 2022/08/18 12:0 a.m.344 views

CVE-2021-32862

CVE-2021-32862 is a cross-site scripting (XSS) vulnerability in nbconvert when generating HTML from user-controlled notebooks. The GitHub Security Lab disclosed sixteen routes to inject arbitrary HTML into HTML exports (e.g., nbviewer). Connected advisories confirm nbconvert is affected and provi...

7.5CVSS6.2AI score0.01102EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2022/08/10 6:22 p.m.24 views

Cross Site Scripting (XSS)

Nbconvert is vulnerable to Cross Site Scripting XSS. The vulnerability is due to multiple instances where a Jupyter notebook can inject unescaped HTML into the metadata when exported as HTML. An attacker in control of a notebook can inject arbitrary Javascript that will be executed when a user...

7.5CVSS5.4AI score0.01102EPSS
Exploits1References6Affected Software1
vulnersOsv
vulnersOsv
added 2022/08/10 5:51 p.m.7 views

abracadabra (>=0.0.0 <=0.0.7), ai-economist (>=1.0.0 <=1.7.1) +206 more potentially affected by CVE-2021-32862 via nbconvert (>=4.2.0 <=6.5.0)

nbconvert PYPI version =4.2.0, =0.0.0, =1.0.0, =1.3.4, =0.18.3, =1.0.0, =0.1.1, =1.0.1, =0.0.1, =1.13.0.post1, =1.0.0, =0.1.0.dev2021118, =0.0.0, =0.3.4, =0.3.8 and more Source cves: CVE-2021-32862 Source advisory: OSV:GHSA-9JMQ-RX5F-8JWQ...

7.5CVSS6.5AI score0.01102EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2022/08/10 5:51 p.m.27 views

nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths

Most of the fixes will be in this repo, though, so having it here gives us the private fork to work on patches Below is currently a duplicate of the original report: ---- Received on [email protected] unedited, I'm not sure if we want to make it separate advisories. Pasted raw for now, feel fr...

7.5CVSS5.8AI score0.01102EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2022/08/10 5:51 p.m.9 views

GHSA-9JMQ-RX5F-8JWQ nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths

Most of the fixes will be in this repo, though, so having it here gives us the private fork to work on patches Below is currently a duplicate of the original report: ---- Received on [email protected] unedited, I'm not sure if we want to make it separate advisories. Pasted raw for now, feel fr...

5.4CVSS6.2AI score0.01102EPSS
Exploits1References6
Rows per page
Query Builder