Description
Security update for python-notebook
This update for python-notebook fixes the following issues:
- Update to 5.7.11
  - sanitizer fix CVE-2021-32798 (boo#1227583)
- Update to 5.7.10
  - no upstream changelog
- Update to 5.7.9
  - Update JQuery dependency to version 3.4.1 to fix security vulnerability (CVE-2019-11358)
  - Update from preact to React
Package list
SUSE Package Hub 15 SP6
openSUSE Leap 15.6
References
- E-Mail link for openSUSE-SU-2024:0231-1
- SUSE Security Ratings
- SUSE Bug 1227583
- SUSE CVE CVE-2019-11358 page
- SUSE CVE CVE-2021-32798 page
Description
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
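The merge behaviour described above, as an added example that is not jQuery's or the notebook's own code: a constructed recursive merge that follows an enumerable `__proto__` key, beside a hardened variant that skips it. The function names, the `isAdmin` property and the sample JSON are assumptions made for illustration.

```javascript
// Constructed sketch of a recursive merge; not jQuery's source code.
function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// Vulnerable pattern: follows every enumerable own key, including "__proto__".
function naiveDeepMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      // For key "__proto__", target[key] is Object.prototype, so the
      // recursive call writes the source's properties into it.
      if (!isPlainObject(target[key])) target[key] = {};
      naiveDeepMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened variant: skip prototype-related keys and recurse only into
// objects that the target owns itself, never inherited ones.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function safeDeepMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const owned = Object.prototype.hasOwnProperty.call(target, key);
      if (!owned || !isPlainObject(target[key])) target[key] = {};
      safeDeepMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed sample input: JSON.parse creates "__proto__" as an own, enumerable key.
function demo(merge) {
  const untrusted = JSON.parse('{"theme": {"dark": true}, "__proto__": {"isAdmin": true}}');
  const merged = merge({}, untrusted);
  const polluted = ({}).isAdmin === true; // checked on an unrelated, fresh object
  delete Object.prototype.isAdmin;        // restore global state after the check
  return { merged, polluted };
}

console.log("naive merge pollutes Object.prototype:", demo(naiveDeepMerge).polluted);
console.log("safe merge pollutes Object.prototype:", demo(safeDeepMerge).polluted);
```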
Affected products
References
- CVE-2019-11358
Description
The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions, an untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim opens a malicious ipynb document in Jupyter Notebook. The XSS allows an attacker to execute arbitrary code on the victim's computer using Jupyter APIs.
Affected products
References
- CVE-2021-32798
- SUSE Bug 1227583