CVE-2021-32798 - log

CVE-2021-32798 edited at 09 Aug 2021 22:42:48
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Cross-site scripting
Description
+ In Jupyter Notebook before version 6.4.1, an untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger a cross-site scripting (XSS) attack when a victim opens a malicious ipynb document in Jupyter Notebook. The XSS allows an attacker to execute arbitrary code on the victim computer using Jupyter APIs.
References
+ https://github.com/jupyter/notebook/security/advisories/GHSA-hwvq-6gjx-j797
+ https://github.com/jupyter/notebook/commit/79fc76e890a8ec42f73a3d009e44ef84c14ef0d5
Notes
CVE-2021-32798 created at 09 Aug 2021 22:40:58