13 matches found
CVE-2023-51277
nbviewer-app aka Jupyter Notebook Viewer before 0.1.6 has the get-task-allow entitlement for release builds...
Design/Logic Flaw
nbviewer-app aka Jupyter Notebook Viewer before 0.1.6 has the get-task-allow entitlement for release builds...
CVE-2023-51277
nbviewer-app aka Jupyter Notebook Viewer before 0.1.6 has the get-task-allow entitlement for release builds...
CVE-2023-51277
CVE-2023-51277 affects nbviewer-app (Jupyter Notebook Viewer) prior to version 0.1.6, where the release build incorrectly included the get-task-allow entitlement. This misconfiguration can enable loading of untrusted code, with reported high impact on confidentiality, integrity, and availability....
CVE-2023-51277
nbviewer-app aka Jupyter Notebook Viewer before 0.1.6 has the get-task-allow entitlement for release builds...
PT-2023-31781 · Unknown · Nbviewer-App
Name of the Vulnerable Software and Affected Versions: nbviewer-app aka Jupyter Notebook Viewer versions prior to 0.1.6 Description: The issue is related to the get-task-allow entitlement for release builds, which can lead to code execution due to an improperly set entitlement. The developer has...
SUSE CVE-2021-32862
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...
CVE-2021-32862
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...
UBUNTU-CVE-2021-32862
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...
CVE-2021-32862
CVE-2021-32862 is a cross-site scripting (XSS) vulnerability in nbconvert when generating HTML from user-controlled notebooks. The GitHub Security Lab disclosed sixteen routes to inject arbitrary HTML into HTML exports (e.g., nbviewer). Connected advisories confirm nbconvert is affected and provi...
CVE-2021-32862 nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...
nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths
Most of the fixes will be in this repo, though, so having it here gives us the private fork to work on patches Below is currently a duplicate of the original report: ---- Received on [email protected] unedited, I'm not sure if we want to make it separate advisories. Pasted raw for now, feel fr...
GHSA-9JMQ-RX5F-8JWQ nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths
Most of the fixes will be in this repo, though, so having it here gives us the private fork to work on patches Below is currently a duplicate of the original report: ---- Received on [email protected] unedited, I'm not sure if we want to make it separate advisories. Pasted raw for now, feel fr...