Severity Medium
Remote No
Type Cross-site scripting
A security issue has been found in Jupyter Notebook versions prior to 5.7.1, where untrusted javascript could be executed if malicious files could be delivered to the users system and the user takes specific actions with those malicious files. It allowed nbconvert endpoints (such as Print Preview) to render untrusted HTML and javascript with access to the notebook server.
Group Package Affected Fixed Severity Status Ticket
AVG-820 jupyter-notebook 5.5.0-1 5.7.2-1 Medium Fixed FS#60910
Date Advisory Group Package Severity Description
06 Dec 2018 ASA-201812-1 AVG-820 jupyter-notebook Medium cross-site scripting