PYSEC-2022-249
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/nbconvert/PYSEC-2022-249.yaml
- JSON Data
- https://api.test.osv.dev/v1/vulns/PYSEC-2022-249
- Aliases
-
- CVE-2021-32862
- GHSA-9jmq-rx5f-8jwq
- GHSA-h274-fcvj-h2wm
- Published
- 2022-08-18T19:15:00Z
- Modified
- 2023-11-01T05:43:46.160744Z
- Summary
- [none]
- Details
-
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server (eg: nbviewer).
- References
Affected packages
PyPI / nbconvert
Package
- Name
- nbconvert
- View open source insights on deps.dev
- Purl
- pkg:pypi/nbconvert
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.3.0a0
Affected versions
0.*
0.0.0
4.*
4.0.0
4.1.0
4.2.0
4.3.0
5.*
5.0.0b1
5.0.0
5.1.0
5.1.1
5.2.1
5.3.0
5.3.1
5.4.0
5.4.1.dev0
5.4.1
5.5.0
5.6.0
5.6.1
6.*
6.0.0a0
6.0.0a1
6.0.0a2
6.0.0a3
6.0.0a4
6.0.0a5
6.0.0a6
6.0.0b7
6.0.0rc0
6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.1.0rc0
6.1.0
6.1.1b0
6.2.0rc0
6.2.0rc1
6.2.0rc2
6.2.0