The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim opens a malicious ipynb document in Jupyter Notebook. The XSS allows an attacker to execute arbitrary code on the victim computer using Jupyter APIs.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:NJupyter Notebook
APPJupyter6.4.05.7.0 – 5.7.11 (bez)
Related vulnerabilities
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Noteb...
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Noteb...
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Noteb...
The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, un...
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaSc...