In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous.
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "ipython-notebook": "2.4.1-1ubuntu0.1~esm2", "ipython-doc": "2.4.1-1ubuntu0.1~esm2", "ipython-notebook-common": "2.4.1-1ubuntu0.1~esm2", "ipython3-notebook": "2.4.1-1ubuntu0.1~esm2", "ipython3": "2.4.1-1ubuntu0.1~esm2", "ipython": "2.4.1-1ubuntu0.1~esm2", "ipython-qtconsole": "2.4.1-1ubuntu0.1~esm2", "ipython3-qtconsole": "2.4.1-1ubuntu0.1~esm2" } ] }