CVE-2018-19352

Опубликовано: 18 нояб. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.

Ссылки

https://github.com/jupyter/notebook/blob/master/docs/source/changelog.rst
Release Notes
https://github.com/jupyter/notebook/commit/288b73e1edbf527740e273fcc69b889460871648
Patch
Third Party Advisory
https://pypi.org/project/notebook/#history
Release Notes
https://github.com/jupyter/notebook/blob/master/docs/source/changelog.rst
Release Notes
https://github.com/jupyter/notebook/commit/288b73e1edbf527740e273fcc69b889460871648
Patch
Third Party Advisory
https://pypi.org/project/notebook/#history
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jupyter:notebook:*:*:*:*:*:*:*:*

Версия до 5.7.2 (исключая)

EPSS

Процентиль: 51%

0.00283

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2018-19352

CVSS3: 6.1

ubuntu

около 7 лет назад

Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.

CVE-2018-19352

CVSS3: 6.1

debian

около 7 лет назад

Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name ...

GHSA-3p4q-x8f3-p7vq

CVSS3: 6.1

github

около 7 лет назад

Jupyter Notebook XSS via directory name

EPSS

Процентиль: 51%

0.00283

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79