CRITICAL🇬🇧 English

CVE-2021-32798

CVSS 10.0v3.1pub. 2021-08-09upd. 2024-11-21

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim opens a malicious ipynb document in Jupyter Notebook. The XSS allows an attacker to execute arbitrary code on the victim computer using Jupyter APIs.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
  • Jupyter Notebook

    APP
    Jupyter
    6.4.05.7.0 – 5.7.11 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEXSS
CWE
Referencje

Powiązane podatności

CVE-2026-42557HIGH8.6ten sam produkt

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Noteb...

CVE-2024-43805HIGH7.6ten sam produkt

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Noteb...

CVE-2024-22421HIGH7.6ten sam produkt

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Noteb...

CVE-2022-24758HIGH7.5ten sam produkt

The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, un...

CVE-2018-8768HIGH7.8ten sam produkt

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaSc...