
CVE-2021-32862

Published: 18 Aug 2022
Source: debian

Description

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server (e.g. nbviewer).

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| nbconvert | fixed | 6.5.1-1 | | package |

Notes

  • https://github.com/jupyter/nbconvert/security/advisories/GHSA-9jmq-rx5f-8jwq

  • https://github.com/jupyter/nbconvert/commit/d09000bbf076410ce4bd4d9a406f9bbe849cd5c6 (6.5.1)

  • https://github.com/jupyter/nbconvert/commit/1afcaae89b1cc00a89539863ab91ee04e2240fc1 (6.5.1)

  • https://github.com/jupyter/nbconvert/commit/14185eb83c63a764886ea36f63ddd30963de9a8c (6.5.1)

  • https://github.com/jupyter/nbconvert/commit/4b9c5e76bad57eedf1d3cdba244bb05811f64536 (6.5.1)

  • https://github.com/jupyter/nbconvert/commit/d2d44d4c69ba0edb3a68b5579138603505d98c19 (6.5.1)

  • https://github.com/jupyter/nbconvert/commit/37b152c0ad04fe53e782887b78662c8ffad1034a (6.5.1)

  • https://github.com/jupyter/nbconvert/commit/df5cb60d58e5a159da1b33a9d7e7ea14e8637853 (6.5.1)

  • https://github.com/jupyter/nbconvert/commit/48fe71eb3335caf4e03166e56e0d16efcfbeaf44 (6.5.1)

  • https://github.com/jupyter/nbconvert/commit/a03cbb8a8d04d47aefec51e7b1b816045682aed5 (6.5.1)

  • https://github.com/jupyter/nbconvert/commit/b206470f9ecd71b006a37dd1298dd3d9e3dd46dd (6.5.1)

  • https://github.com/jupyter/nbconvert/commit/0818628718c4a5d3ddd671fbd4881bf176e7d6e2 (6.5.1)

  • https://github.com/jupyter/nbconvert/commit/bef65d7ab2a469b01e4aa25f44c0f20326f7c7c5 (6.5.1)

  • Follow-up/regression https://github.com/jupyter/nbconvert/commit/c289e0a61660e612920397799169ed2c5ed35516 (6.5.2)

  • Follow-up/regression https://github.com/jupyter/nbconvert/commit/1652aa73b0f4900af97c0f1ac08e9573e00155bd (6.5.3)

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 3 years ago

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server (e.g. nbviewer).

CVSS3: 7.5
nvd
more than 3 years ago

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server (e.g. nbviewer).

CVSS3: 5.4
github
more than 3 years ago

nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths