CVE-2018-19352

Source
Severity Medium
Remote No
Type Cross-site scripting
Description
A security issue has been found in Jupyter Notebook versions prior to 5.7.2, where untrusted javascript could be executed if malicious files could be delivered to the users system and the user takes specific actions with those malicious files. It allowed maliciously crafted directory names to execute javascript when opened in the tree view.
Group Package Affected Fixed Severity Status Ticket
AVG-820 jupyter-notebook 5.5.0-1 5.7.2-1 Medium Fixed FS#60910
Date Advisory Group Package Severity Description
06 Dec 2018 ASA-201812-1 AVG-820 jupyter-notebook Medium cross-site scripting
References
https://blog.jupyter.org/jupyter-notebook-security-fixes-59817e86a711