CVE-2021-32862

Опубликовано: 18 авг. 2022

Источник: nvd

CVSS3: 7.5

CVSS3: 5.4

EPSS Низкий

Описание

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server (eg: nbviewer).

Ссылки

https://github.com/jupyter/nbconvert/security/advisories/GHSA-9jmq-rx5f-8jwq
Exploit
Third Party Advisory
https://github.com/jupyter/nbviewer/security/advisories/GHSA-h274-fcvj-h2wm
Broken Link
https://lists.debian.org/debian-lts-announce/2023/06/msg00003.html
Mailing List
Third Party Advisory
https://github.com/jupyter/nbconvert/security/advisories/GHSA-9jmq-rx5f-8jwq
Exploit
Third Party Advisory
https://github.com/jupyter/nbviewer/security/advisories/GHSA-h274-fcvj-h2wm
Broken Link
https://lists.debian.org/debian-lts-announce/2023/06/msg00003.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/09/msg00004.html

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jupyter:nbconvert:*:*:*:*:*:python:*:*

Версия до 6.2.0 (включая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00749

Низкий

7.5 High

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-32862

CVSS3: 7.5

ubuntu

больше 3 лет назад

CVE-2021-32862

CVSS3: 7.5

debian

больше 3 лет назад

The GitHub Security Lab discovered sixteen ways to exploit a cross-sit ...

GHSA-9jmq-rx5f-8jwq

CVSS3: 5.4

github

больше 3 лет назад

nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths

EPSS

Процентиль: 73%

0.00749

Низкий

7.5 High

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79