Arch Linux Security Advisory ASA-202108-10 ========================================== Severity: High Date : 2021-08-10 CVE-ID : CVE-2021-32797 Package : jupyterlab Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-2266 Summary ======= The package jupyterlab before version 3.1.4-1 is vulnerable to cross- site scripting. Resolution ========== Upgrade to 3.1.4-1. # pacman -Syu "jupyterlab>=3.1.4-1" The problem has been fixed upstream in version 3.1.4. Workaround ========== None. Description =========== In JupyterLab before version 3.1.4, untrusted notebooks can execute code on load. In particular JupyterLab doesn't sanitize the action attribute of the HTML