Lucene search
Veracode Vulnerability DatabaseVERACODE:36650HistoryAug 10, 2022 - 6:22 p.m.
Cross Site Scripting (XSS)
2022-08-1018:22:25
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
xss
nbconvert
vulnerability
jupyter notebook
html
javascript
software
EPSS
0.001
Percentile
25.0%
Nbconvert is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to multiple instances where a Jupyter notebook can inject unescaped HTML into the metadata when exported as HTML. An attacker in control of a notebook can inject arbitrary Javascript that will be executed when a user visits the exported notebook.
References
github.com/jupyter/nbconvert/commit/5d2c5e2b79534c11678b73e707feb74d7827a557#diff-5d5d0e216c4c7e2bdbdce10cc1bac7804d432ee61e1643be8f880cd422d14cd0R141
github.com/jupyter/nbconvert/releases/tag/6.3.0
github.com/jupyter/nbconvert/security/advisories/GHSA-9jmq-rx5f-8jwq
github.com/jupyter/nbviewer/security/advisories/GHSA-h274-fcvj-h2wm
lists.debian.org/debian-lts-announce/2023/06/msg00003.html
Related
debian
debian
[SECURITY] [DLA 3442-1] nbconvert security update
2023-06-03 13:46:09
osv
osv
nbconvert - security update
2024-09-02 00:00:00
nbconvert - security update
2023-06-03 00:00:00
nessus
nessus
Debian DLA-3442-1 : nbconvert - LTS security update
2023-06-03 00:00:00
Debian dla-3863 : jupyter-nbconvert - security update
2024-09-02 00:00:00
prion
prion
Cross site scripting
2022-08-18 19:15:00
cvelist
cvelist
nvd
nvd
CVE-2021-32862
2022-08-18 19:15:14
openvas
openvas
Debian: Security Advisory (DLA-3442-1)
2023-06-05 00:00:00
Debian: Security Advisory (DLA-3863-1)
2024-09-03 00:00:00
ubuntucve
ubuntucve
CVE-2021-32862
2022-08-18 00:00:00
debiancve
debiancve
CVE-2021-32862
2022-08-18 19:15:14
cve
cve
CVE-2021-32862
2022-08-18 19:15:14
github
github