HIGH🇬🇧 English

CVE-2018-8768

CVSS 7.8v3.0pub. 2018-03-18upd. 2024-11-21

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous.

oryginał EN
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Jupyter Notebook

    APP
    Jupyter
    < 5.4.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-32798CRITICAL10.0ten sam produkt

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untru...

CVE-2026-42557HIGH8.6ten sam produkt

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Noteb...

CVE-2024-43805HIGH7.6ten sam produkt

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Noteb...

CVE-2024-22421HIGH7.6ten sam produkt

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Noteb...

CVE-2022-24758HIGH7.5ten sam produkt

The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, un...

CVE-2018-8768 — HIGH 7.8 | CVEbaza.pl