Description
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous.
| Release | Status | Note |
|---|---|---|
| artful | not-affected | 5.1.0-3 |
| bionic | not-affected | |
| cosmic | not-affected | |
| devel | not-affected | |
| disco | not-affected | |
| eoan | not-affected | |
| esm-apps/bionic | not-affected | |
| esm-apps/focal | not-affected | |
| esm-apps/jammy | not-affected | |
| esm-apps/xenial | released | 2.4.1-1ubuntu0.1~esm2 |
| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 5.4.1-1 |
| cosmic | ignored | end of life |
| devel | not-affected | 5.4.1-1 |
| disco | not-affected | 5.4.1-1 |
| eoan | not-affected | 5.4.1-1 |
| esm-apps/bionic | not-affected | 5.4.1-1 |
| esm-apps/focal | not-affected | 5.4.1-1 |
| esm-apps/jammy | not-affected | 5.4.1-1 |
| esm-infra-legacy/trusty | DNE | |
Source links
EPSS
CVSS2: 6.8 Medium
CVSS3: 7.8 High
Related vulnerabilities
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous.
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file c ...
Jupyter Notebook file bypasses sanitization, executes JavaScript