CVE-2018-19352 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Cross-site scripting
Description	A security issue has been found in Jupyter Notebook versions prior to 5.7.2, where untrusted javascript could be executed if malicious files could be delivered to the users system and the user takes specific actions with those malicious files. It allowed maliciously crafted directory names to execute javascript when opened in the tree view.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-820	jupyter-notebook	5.5.0-1	5.7.2-1	Medium	Fixed	FS#60910

Date	Advisory	Group	Package	Severity	Type
06 Dec 2018	ASA-201812-1	AVG-820	jupyter-notebook	Medium	cross-site scripting

References
https://blog.jupyter.org/jupyter-notebook-security-fixes-59817e86a711