Описание
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 5.2.2-1ubuntu0.1 |
| devel | not-affected | 5.7.8-1 |
| disco | not-affected | 5.7.4-1 |
| eoan | not-affected | 5.7.8-1 |
| esm-apps/bionic | released | 5.2.2-1ubuntu0.1 |
| esm-apps/focal | not-affected | 5.7.8-1 |
| esm-apps/jammy | not-affected | 5.7.8-1 |
| esm-infra-legacy/trusty | DNE | |
| focal | not-affected | 5.7.8-1 |
| groovy | not-affected | 5.7.8-1 |
Показывать по
10
5 Medium
CVSS2
5.3 Medium
CVSS3
Связанные уязвимости
CVSS3: 5.3
nvd
больше 6 лет назад
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document.
CVSS3: 5.3
debian
больше 6 лет назад
Jupyter Notebook before 5.5.0 does not use a CSP header to treat serve ...
5 Medium
CVSS2
5.3 Medium
CVSS3