PYSEC-2021-118

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/notebook/PYSEC-2021-118.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2021-118
Aliases
Published
2021-08-09T21:15:00Z
Modified
2023-12-06T00:46:14.265211Z
Summary
[none]
Details

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim opens a malicious ipynb document in Jupyter Notebook. The XSS allows an attacker to execute arbitrary code on the victim computer using Jupyter APIs.

References

Affected packages

PyPI / notebook

Package

Affected ranges

Type
GIT
Repo
https://github.com/jupyter/notebook
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
ECOSYSTEM
Events
Introduced
5.7.0
Fixed
5.7.11

Affected versions

5.*

5.7.0
5.7.1
5.7.2
5.7.3
5.7.4
5.7.5
5.7.6
5.7.8
5.7.9
5.7.10