CVE-2021-32797 log

Severity High
Remote Yes
Type Cross-site scripting
In JupyterLab before version 3.1.4, untrusted notebooks can execute code on load. In particular JupyterLab doesn't sanitize the action attribute of the HTML <form> element. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook.
Group Package Affected Fixed Severity Status Ticket
AVG-2266 jupyterlab 3.1.2-1 3.1.4-1 High Fixed
Date Advisory Group Package Severity Type
10 Aug 2021 ASA-202108-10 AVG-2266 jupyterlab High cross-site scripting