CVE-2021-32798 log

Severity High
Remote Yes
Type Cross-site scripting
In Jupyiter notebook before version 6.4.1, an untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger a cross-site scripting (XSS) attack when a victim opens a malicious ipynb document in Jupyter Notebook. The XSS allows an attacker to execute arbitrary code on the victim computer using Jupyter APIs.
Group Package Affected Fixed Severity Status Ticket
AVG-2267 jupyter-notebook 6.3.0-1 6.4.3-1 High Fixed