CVE-2021-32798 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Cross-site scripting
Description	In Jupyiter notebook before version 6.4.1, an untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger a cross-site scripting (XSS) attack when a victim opens a malicious ipynb document in Jupyter Notebook. The XSS allows an attacker to execute arbitrary code on the victim computer using Jupyter APIs.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2267	jupyter-notebook	6.3.0-1	6.4.3-1	High	Fixed

References
https://github.com/jupyter/notebook/security/advisories/GHSA-hwvq-6gjx-j797 https://github.com/jupyter/notebook/commit/79fc76e890a8ec42f73a3d009e44ef84c14ef0d5