CVE-2018-21030

Published: 31 Oct 2019
Source: debian
EPSS: Low

Description

Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document.

Packages

| Package | Status | Fixed version | Release | Type |
| --- | --- | --- | --- | --- |
| jupyter-notebook | fixed | 5.7.4-1 | | package |

Notes

  • https://github.com/jupyter/notebook/pull/3341

EPSS

Percentile: 58%
0.00368
Low

Related vulnerabilities

CVSS3: 5.3
ubuntu
more than 6 years ago

Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document.

CVSS3: 5.3
nvd
more than 6 years ago

Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document.

CVSS3: 5.3
github
about 6 years ago

Cross-site scripting in Jupyter Notebook
