Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-32798 - log back

CVE-2021-32798 edited at 09 Aug 2021 22:42:48

Severity

-	Unknown
+	High

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Cross-site scripting

Description

+

In Jupyiter notebook before version 6.4.1, an untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger a cross-site scripting (XSS) attack when a victim opens a malicious ipynb document in Jupyter Notebook. The XSS allows an attacker to execute arbitrary code on the victim computer using Jupyter APIs.

References

+	https://github.com/jupyter/notebook/security/advisories/GHSA-hwvq-6gjx-j797
+	https://github.com/jupyter/notebook/commit/79fc76e890a8ec42f73a3d009e44ef84c14ef0d5

Notes

CVE-2021-32798 created at 09 Aug 2021 22:40:58