Ubuntu.comUB:CVE-2021-32798CVE-2021-32798
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
0.002 Low
EPSS
Percentile
53.0%
The Jupyter notebook is a web-based notebook environment for interactive
computing. In affected versions untrusted notebook can execute code on
load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize
user inputs. A public Caja bypass can be used to trigger an XSS when a
victim opens a malicious ipynb document in Jupyter Notebook. The XSS allows
an attacker to execute arbitrary code on the victim computer using Jupyter
APIs.
Bugs
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | jupyter-notebook | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | jupyter-notebook | < any | UNKNOWN |
References
github.com/jupyter/notebook/commit/79fc76e890a8ec42f73a3d009e44ef84c14ef0d5
github.com/jupyter/notebook/security/advisories/GHSA-hwvq-6gjx-j797
launchpad.net/bugs/cve/CVE-2021-32798
nvd.nist.gov/vuln/detail/CVE-2021-32798
security-tracker.debian.org/tracker/CVE-2021-32798
www.cve.org/CVERecord?id=CVE-2021-32798
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
0.002 Low
EPSS
Percentile
53.0%